{"id":34298,"date":"2020-04-08T21:55:00","date_gmt":"2020-04-08T21:55:00","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\/d\/d-id\/1337523"},"modified":"2020-04-08T21:55:00","modified_gmt":"2020-04-08T21:55:00","slug":"after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\/","title":{"rendered":"After Adopting COVID-19 Lures, Sophisticated Groups Target Remote Workers"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<header>\n<\/header>\n<p><span class=\"strong black\">While coronavirus-themed emails and files have been used as a lure for weeks, attackers now are searching for ways to actively target VPNs and remote workers to take advantage of weaker security.<\/span> <\/p>\n<p class=\"p1\">Since February, a variety of advanced cybercriminals have adopted themes around the evolving coronavirus pandemic in attempts to convince targeted users to click on phishing links or install malware. Now attackers are actively attempting to take advantage of the vulnerable infrastructure exposed by the massive number of employees working from home, security experts and government agencies warned this week.<\/p>\n<p class=\"p2\">In a single 24-hour period, Microsoft detected a massive phishing campaign using 2,300 different Web pages attached to messages and disguised as COVID-19 financial compensation information that actually lead to a fake Office 365 sign-in page to capture credentials, the company stated in a blog post published today. Cybercriminals are also actively discussing the collaboration platforms, virtual private networks (VPNs), and systems currently used by companies for remote work, threat-intelligence platform IntSights stated in an advisory published Tuesday.&nbsp;<\/p>\n<p class=\"p2\">&#8220;The biggest change is not the type of attacks but the situation where you have the majority of the workforce working from home,&#8221; says Etay Maor, chief security officer for IntSights. &#8220;Workers are making some basic security hygiene mistakes, and the threat actors have been made aware of this \u2014 these issues are constantly being discussed, and the criminals are very agile to adapting to new situations.&#8221;<\/p>\n<p class=\"p2\">Coronavirus themes have become the favored approach for many cybercriminals to trick users into falling prey to the latest attacks, and advanced groups often use the approach as well. Chinese, Russian, and North Korean cyber-espionage groups have all adopted pandemic-themed lures for phishing attacks and targeted efforts. Now the Maze cybercriminal group, the Pakistan-linked APT36, and the financial-focused FIN7 group have adopted the techniques as well.<\/p>\n<p class=\"p2\">A joint advisory issued today by US and UK cyber defense agencies warned that activity by advanced persistent threat (APT) groups has risen significantly.<\/p>\n<p class=\"p2\">&#8220;APT groups are using the COVID-19 pandemic as part of their cyber operations,&#8221; <a href=\"https:\/\/www.us-cert.gov\/ncas\/alerts\/aa20-099a\" target=\"_blank\" rel=\"noopener noreferrer\">the advisory stated<\/a>. &#8220;These cyber threat actors will often masquerade as trusted entities. Their activity includes using coronavirus-themed phishing messages or malicious applications, often masquerading as trusted entities that may have been previously compromised. Their goals and targets are consistent with long-standing priorities such as espionage and &#8216;hack-and-leak&#8217; operations.&#8221;<\/p>\n<p class=\"p1\">The overall volume of attacks is not necessarily growing, but various groups are switching to COVID-19 themes to convince concerned end users to click on links, install malware, or fall for fraud, said Rob Lefferts, corporate vice president for Microsoft 365 Security, <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/04\/08\/microsoft-shares-new-threat-intelligence-security-guidance-during-global-crisis\/\" target=\"_blank\" rel=\"noopener noreferrer\">in a blog post<\/a>&nbsp;today. These attacks, however, account for less than 2% of all attacks seen by Microsoft on a daily basis, he stated.<\/p>\n<p class=\"p1\">&#8220;Attackers don&#8217;t suddenly have more resources they&#8217;re diverting towards tricking users; instead they&#8217;re pivoting their existing infrastructure, like ransomware, phishing, and other malware delivery tools, to include COVID-19 keywords that get us to click,&#8221; Lefferts wrote, adding, &#8220;the overall volume of threats is not increasing but attackers are shifting their techniques to capitalize on fear.&#8221;<\/p>\n<p class=\"p1\">Of particular worry for security teams and national cybersecurity agencies is the mass move to remote work. The Cyber Infrastructure Security Agency (CISA), for example, has seen increased scanning for vulnerabilities in Citrix&#8217;s Application Delivery Controller and Gateway products.&nbsp;<\/p>\n<p class=\"p1\">&#8220;Many organizations have rapidly deployed new networks, including VPNs and related IT infrastructure, to shift their entire workforce to teleworking,&#8221; CISA said in its advisory. &#8220;Malicious cyber actors are taking advantage of this mass move to telework by exploiting a variety of publicly known vulnerabilities in VPNs and other remote working tools and software.&#8221;<\/p>\n<p class=\"p1\">In March, security firm Malwarebytes <a href=\"https:\/\/blog.malwarebytes.com\/threat-analysis\/2020\/03\/apt36-jumps-on-the-coronavirus-bandwagon-delivers-crimson-rat\/\" target=\"_blank\" rel=\"noopener noreferrer\">published research<\/a> demonstrating that the Pakistan-linked APT36 had begun using COVID-19 themes for spear-phishing and watering hole attacks. The group, which conducts cyber espionage against Indian political and diplomatic targets, attempted to fake health advisory documents to drop a remote-access tool known as CrimsonRAT.<\/p>\n<p class=\"p1\">The current targets continue to be &#8220;based on the threat actors&#8217; intents and motivations and usually is aligned with their past campaigns,&#8221; stated the Malwarebytes Threat Intelligence Team in response to questions from Dark Reading. &#8220;For example, Kimsuky is a group that has been known to target South Korean users and this is visible in their COVID-19 campaign customized for this particular demographic.&#8221;<\/p>\n<p class=\"p1\">Microsoft has taken a proactive approach to finding vulnerable networks that could be targeted by nation-state and cybercriminal groups, especially those belonging to healthcare firms, and helping them close the gaps.<\/p>\n<div dir=\"auto\" readability=\"10.829457364341\">In a <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2020\/04\/01\/microsoft-works-with-healthcare-organizations-to-protect-from-popular-ransomware-during-covid-19-crisis-heres-what-to-do\/\" target=\"_blank\" rel=\"noopener noreferrer\">blog<\/a> published at the beginning of April, the company said sophisticated cybercriminal groups had targeted several dozens of hospitals, so Microsoft identified those organizations that had vulnerable gateway and VPN appliances in their infrastructure.&nbsp;<\/div>\n<p>&#8220;To help these hospitals, many already inundated with patients, we sent out a &#8230; targeted notification with important information about the vulnerabilities, how attackers can take advantage of them, and a strong recommendation to apply security updates that will protect them from exploits of these particular vulnerabilities and others,&#8221; Microsoft stated.<\/p>\n<p class=\"p3\"><strong>Related Content:<\/strong><\/p>\n<p><strong>Check out<\/strong> <a href=\"https:\/\/www.darkreading.com\/edge.asp\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>The Edge<\/strong><\/a><strong>, Dark Reading&#8217;s new section for features, threat data, and in-depth perspectives. Today&#8217;s top story: &#8220;<\/strong><a href=\"https:\/\/www.darkreading.com\/theedge\/5-soothing-security-products-we-wish-existed\/b\/d-id\/1337459\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>5 Soothing Security Products We Wish Existed<\/strong><\/a><strong>.&#8221;<\/strong><\/p>\n<p><span class=\"italic\">Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT&#8217;s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline &#8230; <a href=\"https:\/\/www.darkreading.com\/author-bio.asp?author_id=1161\">View Full Bio<\/a><\/span> <\/p>\n<p><span class=\"smaller strong red allcaps\">More Insights<\/span><\/p>\n<p> Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\/d\/d-id\/1337523?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>While coronavirus-themed emails and files have been used as a lure for weeks, attackers now are searching for ways to actively target VPNs and remote workers to take advantage of weaker security. Read More <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\/d\/d-id\/1337523?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-34298","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>After Adopting COVID-19 Lures, Sophisticated Groups Target Remote Workers 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"After Adopting COVID-19 Lures, Sophisticated Groups Target Remote Workers 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-08T21:55:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"After Adopting COVID-19 Lures, Sophisticated Groups Target Remote Workers\",\"datePublished\":\"2020-04-08T21:55:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\\\/\"},\"wordCount\":919,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\\\/\",\"name\":\"After Adopting COVID-19 Lures, Sophisticated Groups Target Remote Workers 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"datePublished\":\"2020-04-08T21:55:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\\\/#primaryimage\",\"url\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\",\"contentUrl\":\"https:\\\/\\\/twimgs.com\\\/nojitter\\\/darkreading\\\/dr-logo.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"After Adopting COVID-19 Lures, Sophisticated Groups Target Remote Workers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"After Adopting COVID-19 Lures, Sophisticated Groups Target Remote Workers 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\/","og_locale":"en_US","og_type":"article","og_title":"After Adopting COVID-19 Lures, Sophisticated Groups Target Remote Workers 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-04-08T21:55:00+00:00","og_image":[{"url":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"After Adopting COVID-19 Lures, Sophisticated Groups Target Remote Workers","datePublished":"2020-04-08T21:55:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\/"},"wordCount":919,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\/#primaryimage"},"thumbnailUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\/","url":"https:\/\/www.threatshub.org\/blog\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\/","name":"After Adopting COVID-19 Lures, Sophisticated Groups Target Remote Workers 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\/#primaryimage"},"thumbnailUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","datePublished":"2020-04-08T21:55:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\/#primaryimage","url":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg","contentUrl":"https:\/\/twimgs.com\/nojitter\/darkreading\/dr-logo.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/after-adopting-covid-19-lures-sophisticated-groups-target-remote-workers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"After Adopting COVID-19 Lures, Sophisticated Groups Target Remote Workers"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34298","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=34298"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34298\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=34298"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=34298"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=34298"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}