Popular North Korea hacking group, Lazarus Group, is preparing to launch a massive cyberattack this weekend. According to a report by the Internet security company Cyfirma, the infamous North Korean hacking group, the attack will take place after the government distributes the COVID-19 stimulus checks.
The notorious hacking syndicate may target Americans who are recipients of government stimulus checks, and all the recipients of stimulus checks worldwide. The group has planned a phishing strategy according to the report, targeting some specific 5 million individuals and companies, bridging across the United States, UK, Japan , India, Singapore and South Korea.
North Korea hacking group plans to impersonate government officials
The internet security firm anticipates the group to launch the attack this weekend for two days, impacting small, medium, and large businesses, on top of individual people. The plan is to lure these individuals by mimicking a government official, or the governing body in the victim’s country.
According to Cryfirma, if the individuals fall for the trap, they may then disclose information that the North Korea hacking group can use to access vital accounts. The report reads:
“The hacking campaign involved using phishing emails under the guise of local authorities in charge of dispensing government-funded Covid-19 support initiatives. These phishing emails are designed to drive recipients to fake websites where they will be deceived into divulging personal and financial information.”
GLOBAL-COVID-19-RELATED-PHISHING-CAMPAIGN-BY-NORTH-KOREAN-OPERATIVES-LAZARUS-GROUP-EXPOSED-BY-CYFIRMA-RESEARCHERS 'https://t.co/6125Zwhdxa'
— CYFIRMA (@cyfirma) June 19, 2020
Massive phishing strategy
Every nation included in the report is undertaking some stimulus, either for businesses, its citizens, or even both of them. All the strategies outlined by Cryfirma in the report involve luring the victims by extra payouts, to squeeze out more private information, maybe to sell on the dark web.
Furthermore, the internet security firm has highlighted some emails that are likely to be used in the phishing plan. Cryfirma has identified the following emails as impersonator accounts:
covid19notice@usda.gov;
ccff-applications@bankofengland.co.uk;
covid-support@mom.gov.sg;
covid-support@mof.go.jp;
ncov2019@gov.in;
fppr@korea.kr.