1 MONGOLIA MARKS CENTENNIAL WITH A NEW COURSE FOR CHANGE WWW.EASTASIAFORUM.ORG PUBLISHED:2024/12/20      2 E-MART OPENS FIFTH STORE IN ULAANBAATAR, MONGOLIA, TARGETING K-FOOD CRAZE WWW.BIZ.CHOSUN.COM PUBLISHED:2024/12/20      3 JAPAN AND MONGOLIA FORGE HISTORIC DEFENSE PACT UNDER THIRD NEIGHBOR STRATEGY WWW.ARMYRECOGNITION.COM  PUBLISHED:2024/12/20      4 CENTRAL BANK LOWERS ECONOMIC GROWTH FORECAST TO 5.2% WWW.UBPOST.MN PUBLISHED:2024/12/20      5 L. OYUN-ERDENE: EVERY CITIZEN WILL RECEIVE 350,000 MNT IN DIVIDENDS WWW.GOGO.MN PUBLISHED:2024/12/20      6 THE BILL TO ELIMINATE THE QUOTA FOR FOREIGN WORKERS IN MONGOLIA HAS BEEN SUBMITTED WWW.GOGO.MN PUBLISHED:2024/12/20      7 THE SECOND NATIONAL ONCOLOGY CENTER TO BE CONSTRUCTED IN ULAANBAATAR WWW.MONTSAME.MN PUBLISHED:2024/12/20      8 GREEN BOND ISSUED FOR WASTE RECYCLING WWW.MONTSAME.MN PUBLISHED:2024/12/19      9 BAGANUUR 50 MW BATTERY STORAGE POWER STATION SUPPLIES ENERGY TO CENTRAL SYSTEM WWW.MONTSAME.MN PUBLISHED:2024/12/19      10 THE PENSION AMOUNT INCREASED BY SIX PERCENT WWW.GOGO.MN PUBLISHED:2024/12/19      КОКС ХИМИЙН ҮЙЛДВЭРИЙН БҮТЭЭН БАЙГУУЛАЛТЫГ ИРЭХ ОНЫ ХОЁРДУГААР УЛИРАЛД ЭХЛҮҮЛНЭ WWW.MONTSAME.MN НИЙТЭЛСЭН:2024/12/20     "ЭРДЭНЭС ТАВАНТОЛГОЙ” ХК-ИЙН ХУВЬЦАА ЭЗЭМШИГЧ ИРГЭН БҮРД 135 МЯНГАН ТӨГРӨГ ӨНӨӨДӨР ОЛГОНО WWW.MONTSAME.MN НИЙТЭЛСЭН:2024/12/20     ХУРИМТЛАЛЫН САНГИЙН ОРЛОГО 2040 ОНД 38 ИХ НАЯДАД ХҮРЭХ ТӨСӨӨЛӨЛ ГАРСАН WWW.NEWS.MN НИЙТЭЛСЭН:2024/12/20     “ЭРДЭНЭС ОЮУ ТОЛГОЙ” ХХК-ИАС ХЭРЛЭН ТООНО ТӨСЛИЙГ ӨМНӨГОВЬ АЙМАГТ ТАНИЛЦУУЛЛАА WWW.EAGLE.MN НИЙТЭЛСЭН:2024/12/20     Л.ОЮУН-ЭРДЭНЭ: ХУРИМТЛАЛЫН САНГААС НЭГ ИРГЭНД 135 МЯНГАН ТӨГРӨГИЙН ХАДГАЛАМЖ ҮҮСЛЭЭ WWW.EAGLE.MN НИЙТЭЛСЭН:2024/12/20     “ENTRÉE RESOURCES” 2 ЖИЛ ГАРУЙ ҮРГЭЛЖИЛСЭН АРБИТРЫН МАРГААНД ЯЛАЛТ БАЙГУУЛАВ WWW.BLOOMBERGTV.MN НИЙТЭЛСЭН:2024/12/20     “ORANO MINING”-ИЙН ГЭРЭЭ БОЛОН ГАШУУНСУХАЙТ-ГАНЦМОД БООМТЫН ТӨСЛИЙН АСУУДЛААР ЗАСГИЙН ГАЗАР ХУРАЛДАЖ БАЙНА WWW.BLOOMBERGTV.MN НИЙТЭЛСЭН:2024/12/20     АЖИЛЧДЫН САРЫН ГОЛЧ ЦАЛИН III УЛИРЛЫН БАЙДЛААР ₮2 САЯ ОРЧИМ БАЙНА WWW.BLOOMBERGTV.MN НИЙТЭЛСЭН:2024/12/19     PROGRESSIVE EQUITY RESEARCH: 2025 ОН “PETRO MATAD” КОМПАНИД ЭЭЛТЭЙ БАЙХААР БАЙНА WWW.BLOOMBERGTV.MN НИЙТЭЛСЭН:2024/12/19     2026 ОНЫГ ДУУСТАЛ ГАДААД АЖИЛТНЫ ТОО, ХУВЬ ХЭМЖЭЭГ ХЯЗГААРЛАХГҮЙ БАЙХ ХУУЛИЙН ТӨСӨЛ ӨРГӨН МЭДҮҮЛЭВ WWW.EAGLE.MN НИЙТЭЛСЭН:2024/12/19    

Chinese Hackers Are Using The Coronavirus To Go After Mongolia www.buzzfeednews.com

A group of hackers based in China has leveraged the coronavirus crisis to attack the public and telecom sectors in Mongolia by impersonating the country’s foreign ministry, according to cybersecurity firm Check Point.

The attack, which researchers at Check Point dubbed "Panda-19," faked two documents from the Mongolian minister of foreign affairs. The documents were disguised as updates on the prevalence of the coronavirus cases in Mongolia, but opening them would infect the target’s computer with a tool called RoyalRoad, which would take over the devices without users' knowledge.

The hackers, who have not been identified, have been in operation since 2016 — and the outbreak of the virus has not slowed them down.

“It seems like the situation in China hasn't been affecting this group,” Lotem Finkelstein, Check Point's head of threat intelligence, told BuzzFeed News.

“It is still unclear why they were targeting these specific organizations,” Finkelstein said. “But we know that they were trying to steal documents and to remote control these systems.”

Once the attachment in the email was opened and downloaded, malware would control the infected computer, allowing the attackers to take screenshots and steal information. According to Finkelstein, gaining remote access is a “very advanced capability.”

As a result of the Panda-19 attack, Finkelstein said they were able to fingerprint the group, meaning they can now track it further and help thwart future attacks. The Chinese hackers, previously known for their operations in the Eastern Hemisphere, frequently go after high-profile targets like Russian telecom companies and targets in Ukraine and Belarus.

The coronavirus hacking attacks are going to get worse before they get better, Finkelstein said. “We have seen them active for four years with no intention to stop,” he said. “So we believe that they will use the coronavirus situation [because] it is very effective.”

Check Point has also been tracking malicious domain registrations using COVID-19 keywords. Another firm, Reason Cybersecurity, has tracked fake coronavirus tracking websites set up by hackers attempting to infect users with malware. The data is genuine, Hacker News reported — but if users were to download the app, their passwords would be stolen.

Other researchers have also pointed to a high amount of phishing emails using the coronavirus as lures. These attackers have impersonated the CDC, the World Health Organization, and executives or members of HR departments.

“Coronavirus has been exhausting for us,” Sherrod DeGrippo, senior director of the threat research and detection team at Proofpoint, previously told BuzzFeed News.



Published Date:2020-03-13