Millions of Indians could be targeted by fake emails, social media posts or text messages related to Covid-19 in order to steal their credentials or compromise their computers, India’s official cybersecurity agency Cert-IN said in an advisory uploaded on Friday, citing a report from independent researchers who said the attack is being planned by North Korea-based cyber criminals.
The alert is the latest in a series of warnings from cybersecurity firms across the world about hackers exploiting interest in the coronavirus disease pandemic to lure people into clicking on fake login pages or downloading malicious files that could create a backdoor in their computers.
“The phishing campaign is expected to impersonate government agencies, departments and trade associations tasked to oversee the disbursement of the government fiscal aid,” the advisory by Cert-IN (Indian Computer Emergency Response Team) said, citing a report by Singapore-based cybersecurity firm Cyfirma.
Such campaigns usually have a financial motive, since access to a person’s email account or to their entire computer could allow the cybercriminals to break into people’s bank accounts.
The potential for damage “is immeasurable”, Cyfirma’s CEO Kumar Ritesh said in response to questions over email. “When PII (personally identifiable information) is stolen, impersonation will take place where hackers can use your identity to commit all sorts of crimes, or infiltrate corporate systems. For this particular phishing campaign, hackers are looking for personal details / PAN no / communication address / health conditions,” he added.
According to Cyfirma’s report, the attack is yet to begin and could involve two million email addresses that the cyber actor – identified as the well-known Lazarus group – seems to have. The hackers, in particular, plan to capitalise on announcements of financial aid “to lure vulnerable individuals and companies into falling for the phishing attacks,” it said.
Some of the other emails may pretend to be from authorities and invite people to sign up for free Covid-19 testing.
“As of time of reporting (18 Jun), we have not seen the phishing or impersonated sites defined in the email templates. But our research shows the hackers were planning to set that up in the next 24 hours,” the report said.
It was unclear how the email addresses of the Indian targets were compromised. “But it is fairly easy to scrape and steal email addresses from social media and other platforms. Compromised email addresses can also be found on sale in dark web marketplaces,” Ritesh said.
The campaign was also planning to target people in the US, the UK, Japan, Singapore and South Korea, it added.
The analysis carried purported screenshots of some of the phishing emails, in which the text appeared to be signed by government officials. The mails could be sent through spoofed addresses – one possible sender address is email@example.com – and could include links or files that can deliver malicious code.
In recent months, agencies have warned of hacking attempts involving Covid-19 – with one notable instance being fake Aarogya Setu applications that were being spread. These fake apps could allow a victim’s device to be turned into a spying tool, giving access to phone data, camera and the microphone.
Some of these attacks involve state-based actors, and cyber threat analysts have highlighted the risks Indian citizens face due to inadequate data protection safeguards. “Knowing the work of state actors who are well-funded and highly resourceful, we cannot rule out further cyber activities that could arise from the phishing campaign,” said Ritesh.