Researchers say well-funded Chinese hackers have used coronavirus phishing emails to attack government agencies in neighboring Mongolia in search of information
- Check Point researchers say they intercepted a coronavirus-themed phishing attack from an established Chinese hacking group on government agencies in Mongolia.
- The researchers say they don't know if the attack was by state-sponsored hackers, but note that it sought information rather than financial gain.
- A former NSA researcher and expert on Chinese hackers says the group is not necessarily government-backed, but that whether the government knows about and supports it "is the big question."
Cybersecurity researchers say they have intercepted a targeted cyberattack leveraging the coronavirus by a Chinese hacking group on government agencies in neighboring Mongolia.
Check Point says the attacks used "phishing" emails containing malware that were disguised as coronavirus information from the Mongolian Ministry of Foreign Affairs. The researchers say the emails were sent to Mongolian government agencies with the intention of "luring the recipients into giving the hackers remote network access and an open-door to steal sensitive information."
Lotem Finkelstein, a threat researcher at the Israel-based company, noted that the hackers used "new servers and new tools throughout January and February" as if "people are not dying of coronavirus."
The company says it does not know if the attacks were supported by the Chinese government, but that it's noteworthy that an apparently well-funded hacking group inside China would target other governments for four years in attacks stealing documents rather than money.
Ron Gula, a former researcher from the National Security Administration who invests in cybersecurity companies that track China, said that in general one cannot assume hacking groups in China are working for the government, even though many are. "They might just be hackers, or organized crime" operations, he said. Whether the government knows about and somehow supports the groups "is the big question."
Right now everyone should be wary of cyberattacks - including those from the Chinese government, he said. "Home workers are more easily compromised by all hackers, including Chinese state-sponsored hackers."
Finkelstein said the group's previous attacks also targeted telecom companies and dated back four years, according to data his team found by "fingerprinting" the operation. Previous attacks that did not use coronavirus-related emails also targeted Russia, Ukraine and Belarus.
Check Point says it has found over 4,000 coronavirus-related domains registered globally, 3% of which are malicious, and 5% of which are suspicious, a higher rate than among all new domains.