APTs and COVID-19: How advanced persistent threats use the coronavirus as a lure

Coronavirus (COVID-19) has become a global pandemic, upending economies, livelihoods, schools and hospital systems—nearly every facet of everyday life has been touched.

Such uncertainty and fear surrounding the virus and its impact represents a golden opportunity for threat actors to exploit the situation.

Since January 2020, cybercriminal organizations such as Advanced Persistent Threat (APT) groups have done just that, targeting government and non-government victims with spear phishing campaigns using COVID-19 as a lure.

In this paper, we:

  • Provide an overview of several different APT groups using coronavirus as a lure
  • Categorize APT groups according to techniques used to spam or send phishing emails
  • Describe various attack vectors, timeline of campaigns, and malicious payloads deployed
  • Analyze use of COVID-19 lure and code execution


Share content on email