- Cyber-attacks sought information on economies hit by virus
- APT TA413 known for targeting Tibetan dissidents, report says
A Chinese nation-state hacker group targeted European government officials, diplomats, non-profits and other global organizations in a phishing campaign designed to gather intelligence about global economies reeling from the pandemic, according to cybersecurity experts.
In March, hackers from a group known as APT TA413 sent phishing emails mimicking the World Health Organization’s Covid-19 guidance in an attempt to lure victims into clicking on an attachment containing malicious code, the cybersecurity firm Proofpoint Inc. said in a report Wednesday. It said the malicious email was sent to “numerous entities involved with economic policy and forecasting within Europe.”
The same strain of malware was discovered in a phishing campaign in July targeting Tibetan dissidents, which the TA413 hacker group is best known for targeting, Proofpoint said.
The malware, called Sepulcher, allows attackers to read, write and delete files, among other functionalities. It’s not clear to what extent the hackers were able to penetrate the networks of the groups that were targeted.
The campaign’s focus on economic, diplomatic and legislative entities in Europe suggests a momentary realignment for the Chinese hackers “to collect information on global economies cast into upheaval as a result of Covid-19,” according to the report.
Top officials at the World Health Organization have also been targeted by suspected nation-state hackers earlier this year as they continue to lead the global response to the coronavirus pandemic.
The Proofpoint report comes amid warnings from the U.S. that Chinese hackers are targeting research on possible coronavirus treatments and vaccines. In July, the U.S. Department of Justice accused two Chinese hackers of trying to to steal data, including virus research, from Western companies in 11 countries.