North Korea reportedly plans massive cyberattack this weekend to steal your stimulus check


North Korean hackers are preparing to launch large-scale phishing attacks against 5 million targets in the U.S., U.K., India, Japan, South Korea and Singapore, according to researchers at security firm Cyfirma.

The Cyfirma report says that the infamous North Korea-based Lazarus Group plans to launch a Covid-19-themed phishing campaign against individuals and businesses in those six countries on June 20 and 21. The ultimate goal appears to be to steal coronavirus-relief payments.

Cyfirma expects the attackers to use "phishing emails under the guise of local authorities in charge of dispensing government-funded Covid-19 support initiatives."

"These phishing emails are designed to drive recipients to fake websites where they will be deceived into divulging personal and financial information," the report adds.

The researchers, who discovered the planned attack on June 1, did not make clear how the hackers would try to intercept or steal stimulus checks, but the attackers are expected to impersonate the agencies that distribute such payments.

“The hackers plan to capitalize on these announcements to lure vulnerable individuals and companies into falling for the phishing attacks. Given the potential victims are likely to be in need of financial assistance, this campaign carries a significant impact on political and social stability.”

Perpetual bad guys

The Lazarus Group, which has been active for more than a decade, is known for using techniques such as malware, zero-day attacks, phishing and fake news to launch devastating state-sponsored attacks on targets in over 31 countries.

It has been blamed for the global WannaCry ransomware-worm attack in 2017, the 2016 electronic theft of $81 billion from the central bank of Bangladesh, and the attack on Sony Pictures in 2014, among other crimes.

Unlike the state-sponsored hackers of Russia, China, Iran and the U.S., who primarily seek secret information about other countries, North Korea's state hackers frequently delve into regular cybercrime. It's believed that their cyberthefts help supplement state coffers.

Global targets

The emails will target people and organisations in Singapore, Japan, South Korea, India, the U.S. and the United Kingdom, whose governments have announced respective support initiatives for people and firms affected by the pandemic.

“There is a common thread across six targeted nations in multiple continents," the Cyfirma report noted. "The governments of these countries have announced significant fiscal support to individuals and businesses in their effort to stabilize their pandemic-ravaged economies.”

It’s believed that the perpetrators will use spoofed and fake emails to convince victims that they’re being contacted by government organisations. These include:

  • covid19notice@usda.gov
  • ccff-applications@bankofengland.co.uk
  • covid-support@mom.gov.sg
  • covid-support@mof.go.jp
  • ncov2019@gov.in
  • fppr@korea.kr
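
One way a mail administrator could screen inbound mail for the sender addresses listed above, shown as an added example that is not from the Cyfirma report or this article. It assumes the `Authentication-Results` header was stamped by your own mail gateway; `corp.example`, `relief-desk.example` and the sample messages are constructed.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Sender addresses the article lists as ones the campaign is expected to spoof.
WATCHED_SENDERS = {
    "covid19notice@usda.gov", "ccff-applications@bankofengland.co.uk",
    "covid-support@mom.gov.sg", "covid-support@mof.go.jp",
    "ncov2019@gov.in", "fppr@korea.kr",
}

def dmarc_verdict(msg):
    """Return the dmarc= result from Authentication-Results, or None if absent."""
    for header in msg.get_all("Authentication-Results", []):
        for part in str(header).split(";"):
            part = part.strip().lower()
            if part.startswith("dmarc="):
                value = part[len("dmarc="):].split()
                return value[0] if value else None
    return None

def triage(raw_message):
    """Classify one message as 'ignore', 'review' or 'quarantine'."""
    msg = message_from_string(raw_message, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    if sender not in WATCHED_SENDERS:
        return "ignore"
    # Assumption: Authentication-Results was stamped by our own mail gateway.
    if dmarc_verdict(msg) != "pass":
        return "quarantine"  # claims a watched sender but is not authenticated
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    if reply_to and reply_to.rsplit("@", 1)[-1] != sender.rsplit("@", 1)[-1]:
        return "quarantine"  # replies would be diverted to another domain
    return "review"  # authenticated, but still matches a watched sender

def make_sample(sender, dmarc=None, reply_to=None):
    """Build a constructed test message (not real campaign mail)."""
    lines = [f"From: Covid Support <{sender}>", "To: user@corp.example",
             "Subject: Relief payment"]
    if dmarc:
        lines.append(f"Authentication-Results: mx.corp.example; dmarc={dmarc}"
                     f" header.from={sender.split('@')[1]}")
    if reply_to:
        lines.append(f"Reply-To: {reply_to}")
    return "\n".join(lines) + "\n\nConstructed sample body.\n"

if __name__ == "__main__":
    print(triage(make_sample("covid19notice@usda.gov", dmarc="fail")))
```

A message that passes DMARC is returned as `review` rather than cleared, because a matching sender during the campaign window still merits a look at its links and attachments.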

In terms of numbers, the hackers have 1.4 million curated email IDs for U.S. targets; 180,000 business contacts in the UK; 1.3 million individual email IDs in Japan; 2 million individual email IDs in India; 8,000 contact emails in Singapore; as well as 700,000 individual email IDs in South Korea. 

Ilia Kolochenko, founder & CEO of web security company ImmuniWeb, told Tom’s Guide: “To combat the rising threat of phishing attacks, organizations should gradually invest in consistent cybersecurity awareness and personnel training. 

“The human layer remains the weakest link but is, however, frequently underestimated by victims. As a matter of technical cyber resilience, assets visibility, continuous security and anomaly monitoring enhanced with agile patch management will prevent the vast majority of problems addressable on the technical side.”


Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!
