OODA Loop – Coronavirus-Themed APT Attack Spreads Malware
An advanced persistent threat (APT) group has been leveraging the current pandemic to spread new malware deemed “Vicious Panda.” Security researchers stated that they had identified two suspicious Rich Text Format files targeting the Mongolian public sector. The RTF files execute a unique remote access trojan that takes screenshots of the victim’s device, develops a list of files and directories, downloads files, and more functions.
The campaign, according to researchers at Check Point, seems to be the latest iteration of a long term Chinese based operation that targets a variety of global organizations. This campaign, in particular, capitalizes on the COVID-19 outbreak to lure victims to initiate the infection chain. The emails involved in this scheme fraudulently claim to be from the Mongolian Ministry of Foreign Affairs and falsely inform victims of new coronavirus infections. The files attached to the emails trigger an infection that takes over the device.
Gloss