A mysterious hacking group has been posing as Taiwan’s top infection-disease official in an attempt to steal sensitive data from Taiwanese users, researchers said Monday.
The hackers sent meticulously written spearphishing emails to a select group of targets, which may have included Taiwan’s Centers for Disease Control employees, according to ElevenPaths, the cybersecurity unit of Spanish telecommunications firm Telefónica Group, which uncovered the activity.
It’s a reminder of the lengths to which hacking groups have gone to impersonate public health authorities and break into computer networks during the COVID-19 pandemic.
Over the course of a week in early May, the hackers sent emails to certain Taiwanese users urging them to get novel coronavirus tests. Attached to the email was a remote hacking tool capable of stealing login credentials and hijacking webcams.
“The type of tools and the targets selected indicate that they are looking for intelligence, mainly governmental,” Miguel Ángel de Castro Simón, threat intelligent analyst at ElevenPaths, told CyberScoop. It is unclear how successful the phishing was; de Castro Simón said he didn’t know.
The hackers are part of a group known as Vendetta that has only surfaced in the last two months. The group is adept at impersonating authorities in multiple languages. They have posed as agency officials in Australia, Austria and Romania in attempts to install remote hacking tools on victim machines, Chinese cybersecurity company Qihoo 360 said in a report in May. At least some of Vendetta’s hacking attempts have been to “steal targeted business intelligence,” according to Qihoo 360.
“This type of group does not carry out massive attacks, but [are] very selective, so the number [of victims] should not be too high,” de Castro Simón said when asked how many users in Taiwan may have been compromised.
The cyber-masquerading is a problem that health authorities around the world have had to contend with during the COVID-19 crisis. In the last three months, there have been reports of Iranian and South Korean hackers targeting the World Health Organization, Chinese spies trying to steal U.S. vaccine research and cybercriminals extorting health care companies responding to the virus.
The CDC is not the only health body in Taiwan that hackers have impersonated in recent weeks. Another, apparently unrelated campaign spoofed Taiwan’s Health Ministry in an attempt to install the LokiBot data-stealing malware on victim machines, according to a report from ISSDU, a Taiwanese cybersecurity company. It is unclear who is responsible for those attempted intrusions.