Washington — A leading cyber security firm says criminals and a group affiliated with China are capitalizing on growing fears over the coronavirus, leading to a spike in malicious online activity.
“They’ve been sending people emails to prey on people’s fears and open attachments,” Adam Meyers, a vice president at CrowdStrike, told CBS News in an exclusive interview. Meyers said the first indication of an uptick in activity centered around the coronavirus, known as COVID-19, emerged in Asia.
“In criminal and nation-state attacks, we have actually observed these things move East to West,” he said. “We have watched criminal actors, for example, target financial institutions in Asia and then move across Europe, into the United States, as they develop their tactics and capabilities. So I think this is a good example of where that could happen. And it’s following the path of the virus.”
As the virus spreads now spreads within the U.S., Meyers revealed new intelligence and images showing how CrowdStrike has tracked the emerging threat. He said a China-based adversary known as PIRATE PANDA uses major news events as a lure to implant malware that allows remote access to a victim’s computer network. An earlier effort in January tried to capitalize on the U.S. strike that killed an Iranian military leader, and a more recent file mimicked official health data about the coronavirus, featuring labels falsely suggesting it contained sensitive records.
“The Chinese government tends to have lots of intelligence requirements all over the world in support of various initiatives, the economic development initiative and things of that nature,” he said. “And so in this case they are using this theme, this scare of COVID-19, and using that to kind of entice victims to open up files.”
Another group, identified by CrowdStrike as MUMMY SPIDER, is using the coronavirus theme in an “email thread-hijacking technique” that “ultimately led victims to download malware.” So far, the identified emails have predominantly been written in Japanese and spoofed a Japanese health center. The security firm said the strategy can be used to steal financial information or login credentials, and expanded to other targets.
“Almost immediately as things started to escalate in Japan, [they] started using emails with COVID-19 as the theme to kind of prey on people’s fear in Japan of the potential of this virus spreading,” Meyers said.
While these examples come from overseas, CBS News asked Meyers if he expected to see the same strategies deployed against U.S. citizens.
“That is our big concern. We have 24-hour operations at CrowdStrike that are monitoring, looking for these types of threats, and very much out hunting to see if we can find any indication that threat actors have been begun using these themes to target US or more western targets,” he said, adding that it was a question not of “if,” but “when.”
CrowdStrike also reported a surge in queries from companies who anticipate employees will work from home over the next three months, which can leave company data more vulnerable.
“It is a target-rich environment,” Meyers said.
The tech executive said to be suspicious of any unsolicited emails with a coronavirus theme or requests for personal, banking or login information.