Last week attackers exploited Coronavirus fears by sending malicious health information emails aimed at Japanese-language speakers. This week Proofpoint researchers uncovered new Coronavirus-themed email attacks that focus on concerns around disruptions to global shipping. In this latest notable effort, attackers are nearly exclusively targeting industries that are particularly susceptible to shipping disruptions including manufacturing, industrial, finance, transportation, pharmaceutical, and cosmetic companies (in that order).
While this specific Coronavirus-themed email campaign is narrow in its focus, it features malicious Microsoft Word documents, exploits a two-and-a-half-year-old vulnerability, and installs AZORult, an information stealing malware. The malware actors doing this appear to be from Russia and Eastern Europe, and while they aren’t part an APT group, they clearly understand the economic concerns surrounding the Coronavirus. All emails with Coronavirus-themes and attachments should be treated with caution, even if they don’t appear to be directly health related.
A Coronavirus-related shipping supply disruption would negatively impact each of the company types listed above and it’s clear these attackers are aware that a major event like Coronavirus can have secondary impacts on industries. This awareness demonstrates not just technical sophistication, but economic sophistication as well. In addition to the health concerns around Coronavirus, there are increased concerns globally about Coronavirus’ potential economic and international supply chain impact.
Read the full article here: https://www.proofpoint.com/us/corporate-blog/post/coronavirus-themed-attacks-target-global-shipping-concerns