Over a dozen government-backed attacker groups have leveraged the global Covid-19 pandemic to launch phishing and malware attacks against targets, according to a recent report by Google’s Threat Analysis Group (TAG).

TAG is Google’s specialized team of security experts that works to “identify, report, and stop government-backed phishing and hacking” against Google and Google users.

“TAG has specifically identified over a dozen government-backed attacker groups using Covid-19 themes as a lure for phishing and malware attempts—trying to get their targets to click malicious links and download files,” Google said in the report.

The search giant highlighted a particular campaign where hackers had targeted the personal Google accounts of U.S. government employees. Attackers had tried to get these users to click on malicious links using phishing lures posing as American fast-food franchises and Covid-19 messaging.

According to the report, a few of the emails offered free meals and coupons in response to Covid-19, while others contained online ordering and delivery options. As soon as the user clicked on these links, they were taken to phishing pages that were meant to collect their Google credentials.

“The vast majority of these messages were sent to spam without any user ever seeing them, and we were able to block the domains using Safe Browsing preemptively. We’re not aware of any user having their account compromised by this campaign, but as usual, we notify all targeted users with a ‘government-backed attacker’ warning,” Google said.

Google has also detected multiple phishing and scamming attempts by hackers impersonating health organizations.

The tech giant’s security team found new, Covid-19-specific targeting of international health organizations, which is consistent with the threat actor group dubbed Charming Kitten.

Similar attacks have been reported from a South American actor, known externally as Packrat. These groups sent emails to users with links that led to a domain spoofing the World Health Organization’s login page.

“These findings show that health organizations, public health agencies, and the individuals who work there are becoming new targets as a result of Covid-19. We're proactively adding extra security protections, such as higher thresholds for Google Account sign in and recovery, to more than 50,000 of such high-risk accounts,” the report said.

This is consistent with recent media reports. According to a recent report by SITE Intelligence Group, hackers have leaked a list of nearly 25,000 email addresses and passwords allegedly belonging to the National Institutes of Health, the World Health Organization (WHO), the Gates Foundation and other groups engaged in combatting the global Covid-19 pandemic.

“Across Google products, we’re seeing bad actors use COVID-related themes to create urgency so that people respond to phishing attacks and scams. Our security systems have detected examples ranging from fake solicitations for charities and NGOs to messages that try to mimic employer communications to employees working from home to websites posing as official government pages and public health agencies,” Google said.

Furthermore, the search giant detected 18 million malware and phishing Gmail messages per day related to Covid-19 for personal Gmail users, in addition to more than 240 million COVID-related daily spam messages.

Google has donated over $200,000 in grants as part of a new Vulnerability Research Grant Covid-19 fund for Google VRP researchers who help identify various vulnerabilities in a bid to enhance cybersecurity during the pandemic.