US seizes domains used for COVID-19 vaccine phishing attacks (Security News, December 2020)
The US Department of Justice has seized two domain names used to impersonate the official websites of biotechnology companies Moderna and Regeneron involved in the development of COVID-19 vaccines.
While almost perfectly cloning the contents of the real sites, the websites seized by the federal government were instead used for various malicious purposes, including running scams, infecting visitors with malware, and collecting sensitive information in phishing attacks.
Threat actors have also targeted organizations involved in COVID-19 research and in the COVID-19 vaccine cold chain, the infrastructure that stores and delivers vaccines at safe temperatures.
Vaccine research organizations from Canada, the UK, and the US have been targeted throughout the year by the Russian state-sponsored APT29 hacking group, with the end goal of harvesting intellectual property related to the vaccine's development and testing.
Threat actors affiliated with the People's Republic of China have also been involved in similar attacks, according to a joint public service announcement issued by the FBI and DHS-CISA. Last but not least, Microsoft has also taken down domains used in COVID-19-related cybercrime, such as harvesting sensitive information later used in Business Email Compromise attacks.