{"id":33807,"date":"2020-03-13T02:00:00","date_gmt":"2020-03-13T02:00:00","guid":{"rendered":"http:\/\/4484be19-d000-4ffe-92d7-8b1b5265a3ad"},"modified":"2020-03-13T02:00:00","modified_gmt":"2020-03-13T02:00:00","slug":"state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\/","title":{"rendered":"State-sponsored hackers are now using coronavirus lures to infect their targets"},"content":{"rendered":"<p><span class=\"img aspect-set\"><img decoding=\"async\" src=\"https:\/\/zdnet1.cbsistatic.com\/hub\/i\/2020\/02\/26\/4789c612-1629-4729-8328-3865532a8dc9\/coronavirus.jpg\" class alt=\"coronavirus.jpg\"><\/span><\/p>\n<p>Government-backed hacking groups from China, North Korea, and Russia are not letting a global pandemic go to waste and have begun using coronavirus-based phishing lures as part of their efforts to infect victims with malware and gain access to their infrastructure.<\/p>\n<p>During the past weeks, the cyber-security community has seen state-sponsored hackers from China, North Korea, and Russia attempt these tactics.<\/p>\n<p>The use of the COVID-19 (coronavirus) lure is not actually a surprise for those who have followed the information security (infosec) industry enough.<\/p>\n<p>Cyberspies have not let a tragedy or national disaster go to waste. From the Paris terror attack of November 2015 to the oppression of the Uyghur population in China, state-sponsored groups have always crafted their email lures to achieve the maximum results at a certain given time, and, historically, tragic events have always presented the best lures.<\/p>\n<h3>Russia<\/h3>\n<p>The first state-sponsored hacking group to employ a coronavirus lure was the Hades group, believed to be operating out of Russia, and with a tie to APT28 (Fancy Bear), one of the groups who also hacked the DNC in 2016.<\/p>\n<p>According to cyber-security firm <a href=\"https:\/\/twitter.com\/RedDrip7\/status\/1230683740508000256\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\">QiAnXin<\/a>, Hades hackers carried out a campaign in mid-February when they hid <a href=\"https:\/\/mp.weixin.qq.com\/s\/o6KC0k43AuOY5F8FKGbmMg\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">a C# backdoor trojan<\/a> in bait documents containing the latest news regarding COVID-19.<\/p>\n<p>The documents were sent to targets in Ukraine, disguised as emails coming from the Center for Public Health of the Ministry of Health of Ukraine.<\/p>\n<section class=\"sharethrough-top\" data-component=\"medusaContentRecommendation\" data-medusa-content-recommendation-options=\"{&quot;promo&quot;:&quot;promo_zd_recommendation_sharethrough_top_in_article_desktop&quot;,&quot;spot&quot;:&quot;dfp-in-article&quot;}\">\n<\/section>\n<p>The targeted emails appear to have been part of a larger disinformation campaign that hit the entire country, on different fronts.<\/p>\n<p>First, at the same time Hades was targeting its targets, a wave of coronavirus-themed spam emails hit the country. Second, the email campaign was followed by a flood of messages on social media claiming the COVID-19 disease had arrived in the country.<\/p>\n<p>According to a BuzzFeed News report, one of these emails went viral, and supported by the wave of social media scaremongering <a href=\"https:\/\/www.buzzfeednews.com\/article\/christopherm51\/coronavirus-ukraine-china\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">led to a general panic and violent riots<\/a> in some part of the country.<\/p>\n<p>BuzzFeed News reported that in some Ukrainian cities residents blocked hospitals fearing their children could get infected by coronavirus-infected evacuees coming from Ukraine&#8217;s war-torn eastern region.<\/p>\n<p>In this general panic, a few malware-laced emails had a much higher chance of passing undetected and reaching their targets, most of whom were most likely interested in the current events unfolding in the country.<\/p>\n<h3>North Korea<\/h3>\n<p>The next country to weaponize COVID-19 for spear-phishing lures was North Korea, at the end of February, although in a campaign that was nowhere near as sophisticated like the one that hit Ukraine.<\/p>\n<p>According to a tweet shared by South Korean cyber-security firm <a href=\"https:\/\/twitter.com\/issuemakerslab\/status\/1233010155018604545\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\">IssueMakersLab<\/a>, a group of North Korean hackers also hid malware inside documents detailing South Korea&#8217;s response to the COVID-19 epidemic.<\/p>\n<p>The documents &#8212; believed to have been sent to South Korean officials &#8212; were boobytrapped with <a href=\"https:\/\/malpedia.caad.fkie.fraunhofer.de\/details\/win.babyshark\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">BabyShark<\/a>, a malware strain previously utilized by a North Korean hacker group known as Kimsuky.<\/p>\n<h3>China<\/h3>\n<p>But the most malware campaigns using coronavirus themes came from China, all being sent out over the past two weeks, just as China had pulled out of its own COVID-19 crisis.<\/p>\n<p>The first of the two happened at the start of this month. Vietnamese cyber-security firm <a href=\"https:\/\/blog.vincss.net\/2020\/03\/re012-phan-tich-ma-doc-loi-dung-dich-COVID-19-de-phat-tan-gia-mao-chi-thi-cua-thu-tuong-Nguyen-Xuan-Phuc.html\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">VinCSS<\/a> detected a Chinese state-sponsored hacking group (codenamed Mustang Panda) spreading emails with a RAR file attachment purporting to carry a message about the coronavirus outbreak from the Vietnamese Prime Minister.<\/p>\n<p>The attack, also confirmed by CrowdStrike, installed a basic backdoor trojan on the computers of users who downloaded and unzipped the file.<\/p>\n<div class=\"twitterContainer\" readability=\"6.25\">\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\" readability=\"6.6666666666667\">\n<p lang=\"en\" dir=\"ltr\">Don\u2019t know about the IRGC, but MUSTANG PANDA is on the COVID-19 grind:<a href=\"https:\/\/t.co\/Uxjasy0knz\" rel=\"noopener noreferrer nofollow\" target=\"_blank\" data-component=\"externalLink\">https:\/\/t.co\/Uxjasy0knz<\/a><\/p>\n<p>Rule #7 in the targeted intrusion playbook: Pandemics make great lure material<\/p>\n<p>\u2014 Matt Dahl (@voodoodahl1) <a href=\"https:\/\/twitter.com\/voodoodahl1\/status\/1235735588189245441?ref_src=twsrc%5Etfw\" rel=\"noopener noreferrer\" target=\"_blank\" data-component=\"externalLink\">March 6, 2020<\/a><\/p><\/blockquote>\n<\/div>\n<p>The second attack was detailed today by <a href=\"https:\/\/research.checkpoint.com\/2020\/vicious-panda-the-covid-campaign\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">another cyber-security firm<\/a>. The company said it had been tracking another Chinese group called Vicious Panda that had been targeting Mongolian government organizations with documents claiming to hold information about the prevalence of new coronavirus infections.<\/p>\n<hr>\n<p>These attacks from cyber-espionage groups aren&#8217;t the only ones feeding on the COVID-19 global panic, though.<\/p>\n<p>Regular cybercrime gangs have also been using the same lure for just as long as professional cyberspies, according to <a href=\"https:\/\/www.zdnet.com\/article\/nasty-phishing-scams-aim-to-exploit-coronovirus-fears\/\" target=\"_blank\" rel=\"noopener noreferrer\">a ZDNet report published last week<\/a>, citing findings from Fortinet, Sophos, Proofpoint, and others.<\/p>\n<div class=\"relatedContent alignNone\">\n<h3 class=\"heading\"><span class=\"int\">Coronavirus Updates<\/span><\/h3>\n<\/div>\n<p>READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Chinese, North Korean, and Russian government cyberspies caught using COVID-19-themed emails to infect victims with malware.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":33808,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-33807","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>State-sponsored hackers are now using coronavirus lures to infect their targets 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"State-sponsored hackers are now using coronavirus lures to infect their targets 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-03-13T02:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/03\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"656\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"State-sponsored hackers are now using coronavirus lures to infect their targets\",\"datePublished\":\"2020-03-13T02:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\\\/\"},\"wordCount\":734,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets.jpg\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\\\/\",\"name\":\"State-sponsored hackers are now using coronavirus lures to infect their targets 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets.jpg\",\"datePublished\":\"2020-03-13T02:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets.jpg\",\"width\":1024,\"height\":656},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"State-sponsored hackers are now using coronavirus lures to infect their targets\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"State-sponsored hackers are now using coronavirus lures to infect their targets 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\/","og_locale":"en_US","og_type":"article","og_title":"State-sponsored hackers are now using coronavirus lures to infect their targets 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-03-13T02:00:00+00:00","og_image":[{"width":1024,"height":656,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/03\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"State-sponsored hackers are now using coronavirus lures to infect their targets","datePublished":"2020-03-13T02:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\/"},"wordCount":734,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/03\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets.jpg","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\/","url":"https:\/\/www.threatshub.org\/blog\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\/","name":"State-sponsored hackers are now using coronavirus lures to infect their targets 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/03\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets.jpg","datePublished":"2020-03-13T02:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/03\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/03\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets.jpg","width":1024,"height":656},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"State-sponsored hackers are now using coronavirus lures to infect their targets"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/33807","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=33807"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/33807\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/33808"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=33807"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=33807"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=33807"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}