Quote:Cybercriminals are tapping into the impending rollout of COVID-19 vaccines with everything from simple phishing scams all the way up to sophisticated Zebrocy malware campaigns.
Security researchers with KnowBe4 said that the recent slew of vaccine-related cyberattacks leverages the widespread media attention around the development and distribution of COVID-19 vaccines – as well as recent reports that manufacturers like Pfizer may not be able to supply additional doses of its vaccine to the U.S. in large volumes until sometime in Q2.
These lures continue to play into the high emotions of victims during a pandemic – something seen in various phishing and malware campaigns throughout the last year.
“Malicious actors had a field day back in March and April as the Coronavirus washed over countries around the world,” said Eric Howes, with KnowBe4, in a Wednesday post. “It was and still is the perfect tool for social engineering scared, confused, and even downright paranoid end users into opening the door to your organization’s network.”
Researchers with Intezer recently discovered a new Zebrocy malware sample in a campaign that has the hallmarks of a COVID-19 vaccine lure. In November, researchers uncovered a Virtual Hard Drive (VHD) file (VHD is the native file format for virtual hard drives used by Microsoft’s hypervisor, Hyper-V) uploaded to Virus Bulletin.
This VHD file included a PDF file that suggests the cybercriminals behind the attack were using a COVID-19 vaccine-related spear-phishing lure. The PDF consisted of presentation slideshows about Sinopharm International Corporation, a China-based pharmaceutical company currently working on a COVID-19 vaccine. Sinopharm International Corporation’s vaccine is currently undergoing phase three clinical trials, but it has already been distributed to nearly one million people.
The second file in the VHD, masquerading as a Microsoft file, was a sample of Zebrocy written in Go. Zebrocy (also known as Sednit, APT28, Fancy Bear, and STRONTIUM), malware used by the threat group Sofacy, operates as a downloader: it collects data about the infected host, uploads it to the command-and-control (C2) server, and then downloads and executes the next stage. Researchers noted that the C2 infrastructure linked to this campaign appears to be new.
Researchers warn that the attackers behind Zebrocy will likely continue to utilize COVID-19 vaccines as a lure: “Given that many COVID-19 vaccines are about to be approved for clinical use, it’s likely that APTs (Advanced Persistent Threat) and financially motivated threat actors will use this malware in their attacks,” they said in a Wednesday post.
Read more: https://threatpost.com/covid-19-vaccine-...cy/162072/
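The lure described above arrives as a VHD container, and the article notes that the Zebrocy sample inside it masquerades as a Microsoft file. A defender's first check is therefore whether an attachment is a VHD at all, regardless of the extension it carries. The script below is an added example, not code from the article or from the researchers it quotes: it recognises the VHD footer by its `conectix` cookie (the footer sits in the last 512 bytes of every VHD; dynamic and differencing VHDs also keep a copy at offset 0) and reports attachments whose content does not match their name. The attachments it scans are constructed stand-ins built in the script, not samples from the campaign, and the `flag_attachments` / `is_vhd` names are this example's own.

```python
"""Flag e-mail attachments that are really VHD images, whatever their extension.

Added example, not code from the article or the researchers it quotes.  It
assumes attachments are available as (filename, bytes) pairs; the sample
attachments below are constructed here, not real files from the campaign.
"""
from __future__ import annotations

VHD_COOKIE = b"conectix"   # 8-byte cookie that opens every VHD footer
FOOTER_SIZE = 512           # the footer occupies the last 512 bytes of a VHD

# Extensions that should be unusual in mail regardless of content
SUSPICIOUS_SUFFIXES = (".vhd", ".vhdx", ".iso", ".img")


def is_vhd(data: bytes) -> bool:
    """Return True if the bytes carry a VHD footer.

    Fixed-size VHDs keep the footer at the end of the file; dynamic and
    differencing VHDs also keep a copy of it at offset 0, so both places are
    checked.  Only the cookie is inspected, which is enough to identify the
    container without ever mounting it.
    """
    if len(data) < FOOTER_SIZE:
        return False
    if data[:len(VHD_COOKIE)] == VHD_COOKIE:
        return True
    # Some older tools wrote a 511-byte footer, so search the whole tail.
    return VHD_COOKIE in data[-FOOTER_SIZE:]


def flag_attachments(attachments: list[tuple[str, bytes]]) -> list[dict]:
    """Return one finding per attachment that is a VHD or has a disk-image extension."""
    findings = []
    for name, data in attachments:
        by_content = is_vhd(data)
        by_name = name.lower().endswith(SUSPICIOUS_SUFFIXES)
        if by_content or by_name:
            findings.append({
                "name": name,
                "vhd_signature": by_content,
                "disk_image_extension": by_name,
                # A VHD hiding behind a document extension is the lure pattern
                "extension_mismatch": by_content and not by_name,
            })
    return findings


def make_fake_vhd(payload_size: int = 1024, footer_at_start: bool = False) -> bytes:
    """Build a constructed stand-in VHD: zero payload plus a cookie-only footer."""
    footer = VHD_COOKIE + b"\x00" * (FOOTER_SIZE - len(VHD_COOKIE))
    body = b"\x00" * payload_size
    return (footer if footer_at_start else b"") + body + footer


# Constructed sample mailbox: a benign PDF, a VHD renamed to look like a
# document, and a dynamic VHD carrying its honest extension.
SAMPLE_ATTACHMENTS = [
    ("slides.pdf", b"%PDF-1.4\n" + b"\x00" * 600),
    ("vaccine_slides.pdf", make_fake_vhd()),
    ("update.vhd", make_fake_vhd(footer_at_start=True)),
]

if __name__ == "__main__":
    for finding in flag_attachments(SAMPLE_ATTACHMENTS):
        print(finding)
```

Run stand-alone it prints two findings: the renamed VHD with `extension_mismatch` set, and the honestly named one flagged only by extension. The content check is deliberately independent of the filename so that a gateway rule can act on it even when the lure uses a `.pdf` or `.docx` name.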