Claims Lazarus Group planning COVID 19-related phishing campaign

NK operatives might be planning global cyber-attacks including several Asian countries.

Threat intelligence and cybersecurity platform company, CYFIRMA believes the Lazarus Group — hacker group sponsored by North Korea – are planning a global phishing campaign.

There is a common thread across six targeted nations in multiple continents – the governments of these countries have announced significant fiscal support to individuals and businesses in their effort to stabilise their pandemic-ravaged economies.

The following are some of the government-funded programs:

Singapore, a small nation-state in Southeast Asia, has announced almost SGD 100B financial aid in various forms to stem unemployment and keep businesses afloat

  • Japan has announced stimulus funds of about 234 trillion yen
  • South Korea government has allocated a total of US$200B of emergency relief funds for industries including carmakers, telecoms, airlines, shipbuilders, and small merchants. The relief funds include cash handouts to families with certain provinces extending the support to tax-paying foreigners
  • Indian government has announced Rs 20 lakh crore (US$307B) of credit, finance and collateral-free loans to micro, small and medium enterprises, as well as welfare packages for citizens
  • North America has set aside trillions of dollars to design Economic Impact Payment or Stimulus Payments as well as Paycheck Protection Program to prop up its economy

As part of the UK government COVID-19 recovery strategy, several support programs have been made available, such as Coronavirus Job Retention Scheme, and Self-Employment Income Support Scheme. The Government’s package has also been complemented by further contributions from the Bank of England.

The Lazarus Group’s upcoming phishing campaign is designed to impersonate government agencies, departments, and trade associations who are tasked to oversee the disbursement of the fiscal aid.

According CYFIRMA the hackers plan to capitalize on these announcements to lure vulnerable individuals and companies into falling for the phishing attacks.

“Given the potential victims are likely to need financial assistance, this campaign carries a significant impact on political and social stability,” stated the cybersecurity firm.

CYFIRMA researchers first picked up the lead on the first of June 2020  and have been analysing the planned campaign, decoding the threats, and gathering evidence. Evidence points to hackers planning to launch attacks in six countries across multiple continents over a two-day period. Further research uncovered seven different email templates impersonating government departments and business associations.

“As of time of reporting (18 Jun), we have not seen the phishing or impersonated sites defined in the email templates. But our research shows the hackers were planning to set that up in the next 24 hours,” stated CYFIRMA. “We also observed that hackers are planning to spoof or create fake email IDs impersonating various authorities.”

Some of the emails discussed in their phishing campaign plan:


According to the hackers plans as observed by CYFIRMA Research, the phishing campaigns are scheduled to launch in the following countries across multiple continents on the stated:

  • Japan 20 June 2020 Individuals
  • India 21 June 2020 Individuals
  • Singapore 21 June 2020 Businesses
  • South Korea 21 June 2020 Individuals
  • USA 20 June 2020 Individuals
  • UK 20 June 2020 Businesses




Leave a Comment

Related posts