Published by ZDNet
Singapore, Japan, and the US are amongst six nations reportedly targeted in a COVID-19 themed phishing campaign that is scheduled to take place June 21. North Korean state hacker group Lazarus are said to be behind the massive attack that will see more than 5 million businesses and individuals receiving phishing email messages from spoofed government accounts.
This would include 8,000 organisations in Singapore where the business contacts highlighted in an email template were addressed to members of the Singapore Business Federation (SBF), according to a report from cybersecurity vendor Cyfirma. Introduced in 2001 by the Ministry of Trade and Industry, SBF is responsible for promoting Singapore businesses and currently represents 27,200 companies.
The targeted Singapore businesses would reportedly receive phishing email messages — written in Chinese — from a spoofed Ministry of Manpower account, supposedly offering additional payouts for employees under the government’s COVID-19 support packages.
The attacks are part of the Lazarus Group’s large-scale campaign targeting more than 5 million individuals and businesses, including small and large enterprises, across six countries: Singapore, South Korea, Japan, India, the UK, and the US. The North Korean hacker group is looking to gain financially from the campaign, where targeted email recipients will be asked to visit fraudulent websites and lured into revealing their personal and financial data, according to Cyfirma.