State-sponsored hackers target US government employees with fast food bait amid fog of coronavirus

The logo and building of the World Health Organisation headquarters in Geneva, Switzerland: EPA/MARTIAL TREZZINI
The logo and building of the World Health Organisation headquarters in Geneva, Switzerland: EPA/MARTIAL TREZZINI

More than a dozen hacker groups backed by foreign governments have targeted US employees with phishing and malware attacks under the cover of the coronavirus pandemic, according to Google security data.

Google's Threat Analysis Group said on Wednesday the state-sponsored campaigns to target US government employees with offers of free fast food were among the 18 million attempted scam messages per day related to Covid-19.

Meanwhile, nearly 25,000 email addresses and passwords belonging to the Wuhan Institute of Virology, the World Health Organisation, the Centse for Disease Control, the National Institutes of Health, and the Bill & Melinda Gates Foundation were leaked online late on Wednesday, according to the SITE Intelligence Group.

SITE Intelligence Group Director Rita Katz said on a Twitter thread that the hacked emails were posted to message group 4chan by right-wing extremists.

The findings come as the Department of Justice on Wednesday notified domain hosts about hundreds of websites that were attempting to exploit coronavirus fears to scam or compromise network security; with the FBI reporting a 260 per cent increase in daily scams.

Google did not specify which foreign governments were behind the recent attacks against US employees. But their team found separate Covid-19 threats targeting health organisations in a manner consistent with the groups Charming Kitten and Packrat, which corroborated recent reports of Iranian influence in attacks against the World Health Organisation.

In publishing the findings of the state-sponsored campaigns it had been tracking, the head of Google's Threat Analysis Group, Shane Huntley, said hackers targeted the personal email accounts of US government workers.

"Some messages offered free meals and coupons in response to COVID-19, others suggested recipients visit sites disguised as online ordering and delivery options," Mr Huntley said.

"We're not aware of any user having their account compromised by this campaign, but as usual, we notify all targeted users with a 'government-backed attacker' warning."

Mr Huntley said they were seeing the change in tactics by government-backed groups as hackers experienced productivity lags and issues due to the global lockdowns and quarantine efforts.

Google has begun adding extra security protections for more than 50,000 high-risk accounts belonging to public health organisations and agencies becoming new targets as a result of Covid-19.

The FBI's Internet Crime Complaint Centre received 3,600 complaints a day, up from an average 1,000 per day before the pandemic, with scam websites posing as organisations like the American Red Cross offering coronavirus cures and vaccines in an attempt to instal malware.

To disrupt the malicious websites, the FBI and Department of Justice are coordinating with the Secret Service, Food and Drug Administration and Postal Inspection Service.

"Keeping pace with the growing threat of cyber-enabled COVID-19 scams requires an alliance between the private sector and our law enforcement partners to safeguard our Nation from this sort of nefarious conduct," said US Secret Service Director James M Murray.

Read more

When can we really expect coronavirus to end?

Everything you need to know on supermarket delivery slots

The dirty truth about washing your hands

Which countries around the world has coronavirus spread to?

Listen to the latest episode of The Independent Coronavirus Podcast