The Federal Bureau of Investigation admitted a few days ago that the Covid-19 pandemic had provided hackers and other groups with a favorable situation to exploit. “As of May 28, 2020, the Internet Crime Complaint Center (IC3) received nearly the same amount of complaints in 2020 (about 320,000) as they had for the entirety of 2019 (about 400,000),” said Calvin A. Shivers, assistant director of the FBI’s Criminal Investigative Division.
APT proxies seemed to be extraordinarily active across South East Asia and the Middle East. Inbound attacks from actors who seem to carry some degree of affiliations with APT38, 39, and 40 operating from proxy locations launched large scale attacks against critical infrastructure and manufacturing centers across the globe.
About 75,000 of the attacks isolated by Subex’s threat team indicated the footprint of APT groups but with some modification as some waves of attacks were carried out using old variants of known Malware such as Mirai. Such a mix indicates the involvement of actors who are not on the payroll of these APT teams but have been hired for specific missions. The exact nature of their mission is still unknown but industrial espionage cannot be ruled out if one were to go by our experience with similar activities in the past.
Other than these groups, cyberattacks from some locations in Eastern Europe also registered a spike last week. Most of these attacks were directed against IoT deployments.
Weekly advisory
We expect the attacks on these sectors to grow this week
- Government websites and agencies – especially lawmakers and government agencies connected with internal/homeland security
- Manufacturing plants and maritime agencies
- Defense establishments
- Healthcare
- Utility entities
- Financial services