Hackers pose as CDC, WHO in fake coronavirus email phishing scams


Last week, The Burn-In reported on hackers deploying malware targeting people seeking information regarding the coronavirus outbreak. Now, Bloomberg revealed cybercriminals are posing as the Centers for Disease Control (CDC) and the World Health Organization (WHO) to spread more COVID-19 branded malicious software.

The publication also noted hackers targeted the U.S. Department of Health and Human Services as part of their pandemic disinformation campaign.

Fake Coronavirus Emails

A cybersecurity firm called BAE Systems Applied Intelligence recently uncovered malicious emails posing as dispatches from the CDC and WHO. In late February, hackers sent a malware-laden message to a South Korean electronics company. The rogue operators behind the cyber-attack used an email address belonging to a U.S. diplomat to make the communication appear legitimate.

BAE discovered a South Korean food company’s terminal had sent the email, which included a malicious attachment. The cybersecurity group doesn’t know if the sender had been subverted by hackers. However, the organization determined the falsified CDC warning featured a remote access Trojan horse.

On February 20, BAE discovered another COVID-19 related phishing email. Hackers made the email appear as if it came from the WHO and Ukraine’s Ministry of Health, but it contained a keylogger. The threat analysis company believes with “medium confidence” that the message came from a Russian military-linked group called Olympic Destroyer.

State-Sponsored COVID-19-Related Cyber-Attacks

Another cybersecurity firm called FireEye Inc. uncovered state-sponsored hackers from China, North Korea, and Russia attempting to use coronavirus anxiety to their advantage. The group discovered those nations sent malicious emails to users in Central Asia, Eastern Europe, and South Korea purporting to contain information regarding the pandemic. The rogue operators did so in an attempt to gain access to sensitive corporate and governmental data.

FireEye also reports hackers linked to the Chinese government have established a swath of fake social media accounts to spread COVID-19-related misinformation. The operatives have worked to bolster Beijing’s image while simultaneously tarnishing the reputation of Hong Kong protesters.

The cybersecurity company called the phenomenon, which began in January, a “concerted campaign” to advance the interests of the Sino government. The group also uncovered similar behavior from rogue operators associated with the Russian government, activity that has also been identified by U.S. officials.

State Department Special Envoy Lea Gabrielle confirmed Moscow is utilizing an “entire ecosystem” to spread false information regarding the coronavirus. The region’s state-sponsored hackers have deployed fake websites, official state platforms, social media accounts, and bots to advance their narrative.

Attempted US Health Department Hack

Cyber-criminals have also taken to targeting segments of the American government as part of their misinformation campaigns. On March 16, Bloomberg reported hackers launched an attack against the U.S. Department of Health and Human Services’ (HHS) network. The site spoke to an unnamed U.S. official who said rogue operators attempted to overwhelm the HHS’ servers with millions of pings.

Fortunately, the cyber-attack reportedly failed to affect the HHS’ network or breach its cybersecurity meaningfully.

Bloomberg notes the attempted hack also coincided with a release of new false information regarding the COVID-19 epidemic. The National Security Council acknowledged the two-pronged campaign with a tweet Sunday. The agency also refuted rumors that a national quarantine had gone into effect.

As of this writing, U.S. officials have not identified the source of the attack. But the National Security Agency and U.S. Cyber Command are investigating the incident.

To avoid getting hacked, Internet users should install antivirus programs on their systems, not open suspicious emails, and get coronavirus updates only from legitimate sources like the CDC and WHO. The Burn-In has also prepared a primer on what to do if you are the victim of a cybercrime.

