State-sponsored hackers using the coronavirus crisis as part of their campaigns

State-sponsored hackers from North Korea, China, and Russia are taking advantage of the COVID-19 epidemic to distribute coronavirus-themed emails containing malware.

Today, we will be looking at what hackers from each of these countries are doing, allowing you to keep your eyes peeled and not fall victim to their malware campaigns.


Hades, a group of hackers believed to be associated with Fancy Bear, is suspected to originate from Russia.

During February, Hades was sending out documents with the latest news regarding the coronavirus epidemic.

The caveat is that the documents contained a hidden backdoor trojan written in C#.

The documents targeted Ukrainian individuals and masqueraded as emails coming from the Ukrainian Center for Public Health.

North Korea

At the end of February, a spear-phishing campaign was launched by North Korean hackers.

Compared to the campaign aimed at Ukrainian individuals, this one was not nearly as potent.

Much like the latter campaign, the North Korean hackers were distributing malware in coronavirus-themed documents presented as coming from South Korean officials.

The documents allegedly contained details regarding South Korea’s response to the epidemic.

The malware packaged inside is called BabyShark, which is what Kimsuky, a North Korean group of hackers, had utilised previously.


China appears to be the most prevalent source of malware campaigns that have taken advantage of the coronavirus epidemic.

In the past two weeks, their frequency has hit a new high.

One of the campaigns first noticed around the start of March distributed RAR files carrying a supposed message from the Vietnamese Prime Minister along with a backdoor trojan.

Vicious Panda, another hacker group, was sending out malware to Mongolian government organisations.

It is important to be aware of where you are getting your coronavirus information from – the documents spread via email may contain more than just misinformation.