Chinese Hackers Target Europe, Tibetans With ‘Sepulcher’ Malware
On Wednesday, Proofpoint security researchers released a report detailing links between COVID-19-themed phishing attacks and APT TA413. TA413 has been active for almost a decade and is well known for its use of the LuckyCat and ExileRAT malware. APT TA413 is a Chinese threat actor group that largely targets European diplomatic entities and organizations in Tibet.
However, the group has recently been tied to phishing attacks impersonating the World Health Organization, capitalizing on the current pandemic and public fear to lure victims into clicking malicious links that deliver the Sepulcher malware. Proofpoint researchers also tied TA413 to a separate campaign that targeted Tibetan dissidents and attempted to deliver the same Sepulcher malware. According to Proofpoint, the group acted in the interest of the Chinese government, prioritizing intelligence collection for the majority of this year before later reverting to its typical attacks and targeting.