Coronavirus (COVID-19) has become a global pandemic, upending economies, livelihoods, schools and hospital systems—nearly every facet of everyday life has been touched.

Such uncertainty and fear surrounding the virus and its impact represents a golden opportunity for threat actors to exploit the situation.

Since January 2020, cybercriminal organizations such as Advanced Persistent Threat (APT) groups have done just that, targeting government and non-government victims with spear phishing campaigns using COVID-19 as a lure.

In this paper, we:

• Provide an overview of several different APT groups using coronavirus as a lure
• Categorize APT groups according to techniques used to spam or send phishing emails
• Describe various attack vectors, timeline of campaigns, and malicious payloads deployed
• Analyze use of COVID-19 lure and code execution