Russian Cyberspies Use COVID-19 Vaccine Lures to Deliver Malware
Security News, December 2020

The Russia-linked cyberspy group known as Zebrocy has adopted COVID-19 vaccine-related lures in a recently observed phishing campaign, threat detection and response company Intezer reported on Wednesday.
Initially detailed in 2018, Zebrocy is believed to be associated with Sofacy (also tracked as APT28 and Fancy Bear), the infamous Russian state-sponsored hacking group.
In November, Intezer's security researchers observed Zebrocy phishing emails carrying lure documents about Chinese pharmaceutical company Sinopharm International Corporation, which has reached phase three clinical trials for a COVID-19 vaccine.
Initially, the adversary delivered the Delphi variant of the Zebrocy malware to victims, but in mid-November the attackers switched to the Go version instead.
First used in 2015, Zebrocy functions primarily as a downloader, but it also collects information about the infected system and exfiltrates it before fetching and executing a next-stage payload. The Delphi version was the first to be used in attacks, with AutoIT, C++, C#, Go, and VB.NET variants discovered afterwards.
The malware also captures screenshots and uploads them to the command-and-control (C&C) server, which may respond with the next-stage payload. During their investigation, Intezer's researchers discovered another Go version of Zebrocy used in previous attacks, as well as a second VHD file, uploaded to VirusTotal in October, that dropped the Delphi version of the malware.