COVID-19 related Phishing Attack Campaign by North Korean Operatives – CERT-In Advisory

The Indian Computer Emergency Response Team (CERT-In), based on a report by CYFIRMA researchers, reported that malicious actors are planning a large-scale phishing attack campaign against Indian individuals and businesses (small, medium, and large enterprises).

According to CYFIRMA researchers, they have been tracking the Lazarus Group, a known hacker group sponsored by North Korea. Investigations revealed detailed plans indicating an upcoming global phishing campaign targeting 6 countries, including India, which have recently announced significant fiscal support to individuals and businesses in their effort to stabilize their Covid-19 pandemic-ravaged economies.

The phishing campaign is expected to use phishing or impersonated websites along with malicious emails under the pretext of local authorities in charge of dispensing government-funded Covid-19 support initiatives. Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information.

The phishing campaign is expected to impersonate government agencies, departments, and trade associations that have been tasked with overseeing the disbursement of the government fiscal aid. The malicious actors are claiming to have 2 million individual / citizen email IDs and are planning to send emails with the subject: free COVID-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad, inciting them to provide personal information.

It has been reported that these malicious actors are planning to spoof or create fake email IDs impersonating various authorities. The email ID expected to be used for the phishing campaign against Indian individuals and businesses is an address such as “ncov2019@gov.in”, and the attack campaign is expected to start on 21st June 2020.

Best Practices:

1. Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if the link seems benign. In cases of genuine URLs, close out the e-mail and go to the organization’s website directly through the browser.

2. Leverage Pretty Good Privacy in mail communications. Additionally, advise users to encrypt/protect sensitive documents stored on internet-facing machines to avoid potential leakage.

3. Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.

4. Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its “true file type” (i.e. the extension matches the file header). Block attachments of the file types “exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf”.

5. Beware of phishing domains, spelling errors in emails and websites, and unfamiliar email senders. Check the integrity of URLs before providing login credentials or clicking a link.

6. Do not submit personal information to unknown and unfamiliar websites.

7. Beware of clicking on phishing URLs providing special offers like winning prizes, rewards, and cashback offers.

8. Consider using Safe Browsing tools, filtering tools (antivirus and content-based filtering) in your antivirus, firewall, and filtering services.

9. Update spam filters with the latest spam mail contents.

10. Any unusual activity or attack should be reported immediately at incident@cert-in.org.in with the relevant logs and email headers for analysis of the attacks and for taking further appropriate action.
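
The attachment check described in the best practices above (blocklisted extension, and extension matching the file header), as an added Python example that is not part of the CERT-In advisory. The magic-byte table is a small illustrative subset, and the sample message, addresses and attachments are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension blocklist copied from the advisory text.
BLOCKED = set("exe|pif|tmp|url|vb|vbe|scr|reg|cer|pst|cmd|com|bat|dll|dat|hlp|hta|js|wsf".split("|"))
# Leading bytes of a few common formats (illustrative subset, not exhaustive).
MAGIC = {
    "pdf": (b"%PDF-",), "png": (b"\x89PNG\r\n\x1a\n",), "gif": (b"GIF87a", b"GIF89a"),
    "jpg": (b"\xff\xd8\xff",), "jpeg": (b"\xff\xd8\xff",),
    "zip": (b"PK\x03\x04",), "docx": (b"PK\x03\x04",), "xlsx": (b"PK\x03\x04",),
}
EXEC_MAGIC = (b"MZ", b"\x7fELF")  # Windows PE and Linux ELF executables

def check_attachment(filename, data):
    """Return the reasons to block this attachment; an empty list means no finding."""
    # Windows ignores trailing dots and spaces, so "a.exe." is still treated as .exe.
    name = filename.strip().rstrip(". ").lower()
    ext = name.rsplit(".", 1)[1] if "." in name else ""
    reasons = []
    if ext in BLOCKED:
        reasons.append(f"blocked extension .{ext}")
    if data.startswith(EXEC_MAGIC):
        reasons.append("executable header")
    expected = MAGIC.get(ext)
    if expected and not data.startswith(expected):
        reasons.append(f"header does not match .{ext}")
    return reasons

def scan_message(raw):
    """Map each attachment filename in a raw RFC 5322 message to its findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        findings[name] = check_attachment(name, part.get_payload(decode=True) or b"")
    return findings

def build_sample():
    """Constructed test message; sender, subject and attachments are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for name, data in [("schedule.pdf", b"%PDF-1.4\n%constructed"),
                       ("test_form.pdf", b"MZ\x90\x00" + b"\x00" * 60),
                       ("claim.hta", b"<html>constructed</html>")]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Formats without a fixed header (plain text, CSV) cannot be verified this way, so the extension blocklist remains the control for them.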

Contact Information
Email: info@cert-in.org.in
Phone: +91-11-24368572

Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road, New Delhi – 110 003 INDIA
