Cybersecurity company Check Point has detected a cyberattack carried out by a group of Chinese coronavirus-themed hackers against the Mongolian Foreign Ministry.
Cyber criminals sent malicious attachments via email to Mongolian officials and aimed to remotely access computer systems and steal sensitive information.
One of the documents used by the ‘hackers’ was called “On the Spread of New Coronavirus Infections” and quoted the Chinese National Health Committee, Check Point said in a statement sent to Europa Press.
Specifically, the group of ‘hackers’ infected the files with viruses called RoyalRoad, which downloads a file every time the user starts the Word application and infects all the files with the WLL extension.
In this way, when opening any file with Word, a ‘malware’ is downloaded that infects the user’s computer and allows cyber criminals to access and steal sensitive information.
The experts at Check Point have managed to detect the authorship of the cyberattack thanks to the extraction of the fingerprints left by the cybercriminals in the code of the ‘malware’ stored on their servers.
Furthermore, the company has pointed out that the group of Chinese hackers has been operating since 2016 and that its usual targets are public entities and telecommunications companies from Russia, Ukraine, Belarus and Mongolia.
“The covid-19 represents not only a physical threat, but also a cyber threat,” said cybersecurity firm chief threat intelligence Lotem Finkelsteen. “A Chinese APT group took advantage of the public interest in everything related to the coronavirus for their own benefit, so they decided to use it as a novel chain of computer infections,” he added.
Finkelsteen has also stated that “all telecommunications and public companies worldwide should protect their documents and websites related to the coronavirus.”
– .
