Criminal groups are exploiting the COVID‐19 pandemic to target healthcare systems and critical IT infrastructure all over the world. The COVID‐19 Cyber Threat Coalition has created a platform to collect, assess, and share threat intelligence data to effectively prevent, detect and respond to threats.
This alert highlights those threats.
CCTC Top Indicators
A continuously updated comprehensive list of the vetted top threat indicators (domains, hashes,
IPs, and URLs) by the COVID-19 Cyber Threat Coalition can be found here:
General News & Advisories
- The weekly COVID19 Cyber Threat Coalition Town Hall took place on Thursday 4/30. A full
replay can be found on the CCTC YouTube channel:
- EUROPOL: BEYOND THE PANDEMIC – WHAT WILL THE CRIMINAL LANDSCAPE LOOK LIKE AFTER
o New Europol report assesses the impact of the pandemic on serious and organized crime
across three phases
- Cyber Shield Bulletin – April 30, 2020
- Criminals Quick to Exploit COVID-19 Crisis in Europe
- Michigan Man Charged With COVID-19-Related Wire Fraud Scheme
- Measuring Abuse: How Much COVID-Related Abuse Is There, Really?
Indicators of Compromise
- COVID-19 fraudulent domains, malware hashes, and emails
- Indicators include 200+ domains/URLs/hostnames, along with 4 hashes, which can be found at
this link: https://otx.alienvault.com/pulse/5eaad977d4146a7212cbe3b0
- Email Addresses tied to Coronavirus “test-kits” and “N95 surgical masks” scam
o Indicators include 1 domain, 1 hostname, and 36 emails, which can be found at this link:
- Here is a bucket of email addresses, about half of which are tied to a list of 39 domains found
earlier this week, which were posted to the anti-fraud/ anti-BEC forum StopScamFraud (Medical
Scams). These are all tied to a scam advertising N95 face masks and Coronavirus test kits.
If anyone has any information related to this alert, the GIOC can be contacted at GIOC@usss.dhs.gov.
Sources & Additional Resources:
- United States Secret Service
- COVID-19 Exploited by Malicious Cyber Actors. Alert (AA20-099A)
- Fact Sheet: DHS is Taking on COVID-19 Related Fraud
- Department of Justice Announces Disruption of Hundreds of Online COVID-19 Related Scams
- Threat actors exploiting the novel corona virus epidemic
- Remote Cyber Security Solutions Suite
- Increase in Extortionate Emails – USSS Information Alert
- Cyber Emergency Response – Incident Response Retainer
Is your company hit by a Cyber Crime? Contact LIFARS today for 24/7 help, more information and guidance!