On the 20th of June, the Central Government asked Indians to be cautious about the Phishing attack, amid the Novel Coronavirus or COVID-19.
The Indian Computer Emergency Response Team (CERT) alerted Indians of the malicious actors’ phishing attack campaign.
The cyber attack which includes hacking personal information, stealing data and online scam is expected to begin from the 21st of June, Sunday.
It would also garb official communication on the ongoing pandemic crisis due to the COVID-19 infection in India.
The CERT-In which is under the Indian Government, released a statement regarding the same and said, “The phishing campaign is expected to use malicious emails under the pretext of local authorities in charge of dispensing Government-funded COVID-19 support initiatives. Such emails are designed to drive recipients towards fake websites where they are deceived into downloading malicious files or entering personal and financial information.” It further added, “The malicious actors are claiming to have two million individual/citizen email IDs and are planning to send emails with the subject free COVID-19 testing for all residents of Delhi, Mumbai, Hyderabad, Chennai and Ahmedabad, inciting them to provide personal information. These malicious actors are planning to spoof or create fake email IDs impersonating various authorities. The email ID expected to be used for the phishing campaign towards Indian individuals and businesses is expected to be from email such as ‘[email protected]’ and the attack campaign is expected to start on the 21st of June.”
Besides CERT-In, cyber security agencies also warned citizens of India and asked them to avoid any such mails, even if the sender is from their contact.
Since the past 3 months, cyber scam is one of the major concerns for Indian companies doing work from home.
According to media sources, hackers from North Korea initiated the COVID-19 themed phishing attack.
The massive phishing attack would target as many as 20 lakh citizens in India.
A cyber security agency of Singapore said, “The North Korean hacker (Lazarus Group) group is looking to gain financially from the campaign, where targeted email recipients will be asked to visit fraudulent websites and lured into revealing their personal and financial data.”
This is not the first such cyber scam of Lazarus Group. In the past, they hacked data of Sony Pictures Entertainment (2014) and conducted a large-scale scam named WannaCry ransomware attack campaign in the United States (U.S.) and Britain (2017.)
In September 2018, the same group was alleged of creating a malware to infiltrate Indian automated teller machines (ATMs) and steal customers’ card details.
Other countries on target of Lazarus Group to the massive Phishing attack are the U.S., Japan, Singapore, South Korea and the United Kingdom (U.K.)
Stay tuned for further updates.
