COVID-19 (Coronavirus) themed malware attacks are now common. The subject matter automatically contains at least two of the primary social engineering triggers, fear and urgency, making it an obvious lure for use by criminals. Even a long-standing China-based APT has begun to use the threat in a new spear-phishing campaign.
Researchers from Check Point Research have found a spear-phishing campaign targeting the Mongolian public sector and apparently emanating from China. The campaign has similarities to earlier campaigns — such as one targeting the Belarus government and dropping the ByeBye backdoor in 2017. Check Point believes the attackers have also targeted Ukraine and Russia in campaigns dating back to 2016.