Thought leadership. threat analysis, news and alerts.
APT actors are actively targeting organizations involved in both national and international COVID-19 responses. These organizations include healthcare bodies, pharmaceutical companies, academia, medical research organizations, and local governments.
APT actors frequently target organizations in order to collect bulk personal information, intellectual property, and intelligence that aligns with national priorities.
The pandemic has likely raised additional interest for APT actors to gather information related to COVID-19. For example, actors may seek to obtain intelligence on national and international healthcare policy, or acquire sensitive data on COVID-19-related research.
Recently CISA and NCSC have seen APT actors scanning the external websites of targeted companies and looking for vulnerabilities in unpatched software. Actors are known to take advantage of Citrix vulnerability CVE-2019-19781, and vulnerabilities in virtual private network (VPN) products from Pulse Secure, Fortinet, and Palo Alto.,
A number of other mitigations will be of use in defending against the campaigns detailed in this report:
Steve E. Driz, I.S.P., ITCP