HC3 Analyst Note TLP White: PPE-Themed Phishing Campaign Exploits COVID Shortages to Spread Malware

August 27, 2020

A new phishing campaign is using COVID-19 personal protective equipment (PPE)-themed lures to spread Agent Tesla malware. This difficult-to-detect remote access Trojan (RAT) provides attackers with a dashboard to monitor the malware’s keylogging and information stealing capabilities. The sophisticated malware campaign uses a 10-day cycle of rotated IP addresses and malware hashes to evade detection and increase the chances that a victim downloads and executes the malware. While the attackers have used a similar email body text throughout the campaign, the phishing emails imitate employees at actual chemical manufacture and import/export companies. Organizations should train their employees to avoid opening and executing email attachments and immediately scan any devices suspected to be infected.

Key Resources

Related Resources

Advisory
Agencies Issue Advisory as Ransomware Group Accelerates Attacks on Health Care Sector
Public
Letter/Comment
AHA, Others Urge UnitedHealth Group to Provide Breach Notifications on Behalf of the Field
Public
Guides/Reports
2023 Costs of Caring
Public
Letter/Comment
AHA Letter to Senate Finance Committee for May 1 Hearing on Change Healthcare Cyberattack
Letter/Comment
AHA Letter to House E&C Subcommittee for May 1 Hearing on Change Healthcare Cyberattack
Advisory
Homeland Security Proposes New Cyber Incident Reporting Requirements
Member