North Korea reportedly plans massive cyberattack this weekend to steal your stimulus check


North Korean hackers are preparing to launch large-scale phishing attacks against 5 million targets in the U.S., U.K., India, Japan, South Korea and Singapore, according to researchers at security firm Cyfirma.

The Cyfirma report says that the infamous North Korea-based Lazarus Group plans to launch a Covid-19-themed phishing campaign against individuals and businesses in those six countries on June 20 and 21. The ultimate goal appears to be to steal coronavirus-relief payments.

Cyfirma expects the attackers to use "phishing emails under the guise of local authorities in charge of dispensing government-funded Covid-19 support initiatives."

"These phishing emails are designed to drive recipients to fake websites where they will be deceived into divulging personal and financial information," the report adds.

The researchers, who discovered the planned attack on June 1, did not make clear how the hackers would try to intercept or steal stimulus checks, but the attackers are expected to impersonate the agencies that distribute such payments.

“The hackers plan to capitalize on these announcements to lure vulnerable individuals and companies into falling for the phishing attacks. Given the potential victims are likely to be in need of financial assistance, this campaign carries a significant impact on political and social stability.”

Perpetual bad guys

The Lazarus Group, which has been active for more than a decade, is known for using techniques such as malware, zero-day attacks, phishing and fake news to launch devastating state-sponsored attacks on targets in over 31 countries.

It has been blamed for the global WannaCry ransomware-worm attack in 2017, the 2016 electronic theft of $81 billion from the central bank of Bangladesh, and the attack on Sony Pictures in 2014, among other crimes.

Unlike the state-sponsored hackers of Russia, China, Iran and the U.S., who primarily seek secret information about other countries, North Korea's state hackers frequently delve into regular cybercrime. It's believed that their cyberthefts help supplement state coffers.

Global targets

The emails will target people and organisations in Singapore, Japan, South Korea, India, the U.S. and the United Kingdom, whose governments have announced respective support initiatives for people and firms affected by the pandemic.

“There is a common thread across six targeted nations in multiple continents,” the Cyfirma report noted. “The governments of these countries have announced significant fiscal support to individuals and businesses in their effort to stabilize their pandemic-ravaged economies.”

It’s believed that the perpetrators will use spoofed and fake emails to convince victims that they’re being contacted by government organisations. These include:

  • covid19notice@usda.gov
  • ccff-applications@bankofengland.co.uk
  • covid-support@mom.gov.sg
  • covid-support@mof.go.jp
  • ncov2019@gov.in
  • fppr@korea.kr
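
For mail teams that want to watch for these sender addresses, the following is an added example (not from the Cyfirma report or Tom's Guide) that flags messages claiming one of the listed addresses without a DMARC pass recorded by the receiving server. The `mx.example.org` authserv-id and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sender addresses the report expects to be spoofed (listed in the article).
WATCHED = {
    "covid19notice@usda.gov", "ccff-applications@bankofengland.co.uk",
    "covid-support@mom.gov.sg", "covid-support@mof.go.jp",
    "ncov2019@gov.in", "fppr@korea.kr",
}
TRUSTED_AUTHSERV = "mx.example.org"  # assumption: authserv-id of your own inbound MTA

def dmarc_pass(msg, from_domain):
    """True only if our own MTA recorded dmarc=pass for the From: domain."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a header stamped by any other host may be sender-supplied
        verdict = re.search(r"\bdmarc=(\w+)", results)
        checked = re.search(r"\bheader\.from=([\w.-]+)", results)
        if (verdict and checked and verdict.group(1).lower() == "pass"
                and checked.group(1).lower() == from_domain):
            return True
    return False

def classify(raw):
    """Label one raw RFC 5322 message: ok, spoofed-sender, display-name-lure, not-watched."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    if addr in WATCHED:
        return "ok" if dmarc_pass(msg, addr.rpartition("@")[2]) else "spoofed-sender"
    if any(w in display.lower() for w in WATCHED):
        return "display-name-lure"  # watched address shown as a name, real sender differs
    return "not-watched"

# Constructed sample messages (not real mail).
SAMPLES = {
    "authenticated": "Authentication-Results: mx.example.org; dmarc=pass header.from=usda.gov\n"
                     "From: covid19notice@usda.gov\n\nbody",
    "failed": "Authentication-Results: mx.example.org; spf=fail; dmarc=fail header.from=mof.go.jp\n"
              "From: covid-support@mof.go.jp\n\nbody",
    "forged-header": "Authentication-Results: mail.sender.example; dmarc=pass header.from=gov.in\n"
                     "From: ncov2019@gov.in\n\nbody",
    "display-name": 'From: "covid-support@mom.gov.sg" <relief@payments.example.net>\n\nbody',
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify(raw))
```

The `forged-header` sample shows why only results stamped by your own server are trusted: a `dmarc=pass` line written by any other host is ignored, so the message is still flagged.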

In terms of numbers, the hackers have 1.4 million curated email IDs for U.S. targets; 180,000 business contacts in the UK; 1.3 million individual email IDs in Japan; 2 million individual email IDs in India; 8,000 contact emails in Singapore; as well as 700,000 individual email IDs in South Korea. 

Ilia Kolochenko, founder & CEO of web security company ImmuniWeb, told Tom’s Guide: “To combat the rising threat of phishing attacks, organizations should gradually invest in consistent cybersecurity awareness and personnel training. 

“The human layer remains the weakest link but is, however, frequently underestimated by victims. As a matter of technical cyber resilience, assets visibility, continuous security and anomaly monitoring enhanced with agile patch management will prevent the vast majority of problems addressable on the technical side.”


Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!
