Hackers planning phishing attack with fake MOM e-mails: cybersecurity firm

HACKERS could target Singapore businesses on Sunday with a spoofed Ministry of Manpower (MOM) e-mail promising additional subsidies for each of their employees, a cyber security group warned on Thursday.

Singapore and Tokyo-headquartered Cyfirma said an online threat assessment it conducted between June 1 and 16 revealed that prominent hacker group Lazarus Group was planning a phishing campaign targeting over five million people and businesses.

The targets are in six countries whose governments have announced fiscal support to individuals and businesses in light of the pandemic: Singapore, Japan, South Korea, India, the US and the UK.

The Cyber Security Agency of Singapore said in a statement late on Friday that it has notified "relevant parties"about the potential phishing campaign, and has issued an advisory for businesses and individuals to be on the lookout.

"Opportunistic cyber criminals have been using the Covid-19 situation to conduct malicious cyber activities, and, with the increasing reliance on the Internet during this period, it is important to be vigilant," it added.

Meanwhile, MOM said it had "received information regarding a potential phishing campaign that will be targeting businesses during this period".

GET BT IN YOUR INBOX DAILY

Start and end each day with the latest news stories and analyses delivered straight to your inbox.

Sign UpVIEW ALL

"The hackers plan to use a spoofed MOM e-mail address... (and) the Covid-19 support fund as a lure to get recipients to click on the embedded phishing link."

"Please use only the official MOM website for all info and transactions on MOM matters," it added.

Investigations by cyber security platform Cyfirma into the hacker group's activities found seven e-mail templates impersonating government agencies, departments and trade associations tasked with overseeing the disbursement of such form of fiscal aid.

Cyfirma added that its researchers have been tracking Lazarus Group "for many years".

For Singapore, the hackers - who claim to have 8,000 business contact details - will target businesses with a phishing email on June 21, Cyfirma said.

This e-mail will be sent from a spoofed MOM account announcing a fake government initiative to give businesses an additional one-time subsidy of S$750 per employee, it added.

Recipients will then be directed to fake websites, where they will be tricked into divulging personal and financial information, Cyfirma said.

The cybersecurity firm added that as at Thursday, it had not detected such fake websites, but said its research showed hackers were planning to set them up within the next 24 hours.

E-mail template impersonating MOM account discovered by Cyfirma researchers:

E-mail template translated by Cyfirma: