Phishing Campaign targeting citizens abroad using COVID-19 theme lures

Telsy Threat Intelligence team has identified a phishing campaign that appears to be targeting citizens abroad by exploiting the COVID-19 theme associated with a potential embassy lockdown status.

Introduction

The phishing email contains an HTML attachment whose title is 'Covid Information'. Opening it decodes and saves an ISO file on the victim’s system, which in turn contains an HTA file.

Executing the HTA file starts the PowerShell that will have the task of decrypting and executing a Cobalt Strike beacon in memory.

Threat actors continue to use COVID-19 theme lures in campaigns targeting multiple industries and geographic areas.

Unfortunately, we were unable to retrieve enough data to associate the discovered malicious activity to a known actor or threat group and the ultimate objective of the threat actors is currently unknown.

Fill the form below to download the full report

Check other cyber reports on our blog.

This report was produced by Telsy’s “Cyber Threat Intelligence” team with the help of its CTI platform, which allows to analyze and stay updated on adversaries and threats that could impact customers’ business.