Skip to main content

North Korea reportedly plans massive cyberattack this weekend to steal your stimulus check

North Korea hack Internet Explorer
(Image credit: Shutterstock; Tom's Guide)

North Korean hackers are preparing to launch large-scale phishing attacks against 5 million targets in the U.S., U.K., India, Japan, South Korea and Singapore, according to researchers at security firm Cyfirma.

The Cyfirma report says that the infamous North Korea-based Lazarus Group plans  to launch a Covid-19-themed phishing campaign against individuals and businesses in those six countries on June 20 and 21. The ultimate goal appears to be to steal coronavirus-relief payments.

Cyfirma expects the attackers to use "phishing emails under the guise of local authorities in charge of dispensing government-funded Covid-19 support initiatives."

"These phishing emails are designed to drive recipients to fake websites where they will be deceived into divulging personal and financial information," the report adds.

The researchers, who discovered the planned attack on June 1, did not make clear how the hackers would try to intercept or steal stimulus checks, but the attackers are expected to impersonate the agencies that distribute such payments.

“The hackers plan to capitalize on these announcements to lure vulnerable individuals and companies into falling for the phishing attacks. Given the potential victims are likely to be in need of financial assistance, this campaign carries a significant impact on political and social stability.”

Perpetual bad guys

The Lazarus Group, which has been active for more than a decade, is known for using techniques such as malware, zero-day attacks, phishing and fake news to launch devastating state-sponsored attacks on targets in over 31 countries.

It has been blamed for the global WannaCry ransomware-worm attack in 2017, the 2016 electronic theft of $81 billion from the central bank of Bangladesh, and the attack on Sony Pictures in 2014, among other crimes.

Unlike the state-sponsored hackers of Russia, China, Iran and the U.S., who primarily seek secret information about other countries, North Korea's state hackers frequently delve into regular cybercrime. It's believed that their cyberthefts help supplement state coffers.

Global targets

The emails will target people and organisations in Singapore, Japan, South Korea, India, the U.S. and the United Kingdom, whose governments have announced respective support initiatives for people and firms affected by the pandemic.

“There is a common thread across six targeted nations in multiple continents," the Cyfirma report noted. "The governments of these countries have announced significant fiscal support to individuals and businesses in their effort to stabilize their pandemic-ravaged economies.”

It’s believed that the perpetrators will use spoofed and fake emails to convince victims that they’re being contacted by government organisations. These include:

  • covid19notice@usda.gov
  • ccff-applications@bankofengland.co.uk
  • covid-support@mom.gov.sg
  • covid-support@mof.go.jp
  • ncov2019@gov.in
  • fppr@korea.kr

In terms of numbers, the hackers have 1.4 million curated email IDs for U.S. targets; 180,000 business contacts in the UK; 1.3 million individual email IDs in Japan; 2 million individual email IDs in India; 8,000 contact emails in Singapore; as well as 700,000 individual email IDs in South Korea. 

Ilia Kolochenko, founder & CEO of web security company ImmuniWeb, told Tom’s Guide: “To combat the rising threat of phishing attacks, organizations should gradually invest in consistent cybersecurity awareness and personnel training. 

“The human layer remains the weakest link but is, however, frequently underestimated by victims. As a matter of technical cyber resilience, assets visibility, continuous security and anomaly monitoring enhanced with agile patch management will prevent the vast majority of problems addressable on the technical side.”

  • Read more: Stateside? Discover today's best US VPN server providers