惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

MyScale Blog
MyScale Blog
Microsoft Azure Blog
Microsoft Azure Blog
H
Help Net Security
N
News and Events Feed by Topic
Recent Announcements
Recent Announcements
D
Docker
M
MIT News - Artificial intelligence
L
LangChain Blog
I
InfoQ
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
P
Proofpoint News Feed
博客园_首页
MongoDB | Blog
MongoDB | Blog
美团技术团队
S
Schneier on Security
G
GRAHAM CLULEY
月光博客
月光博客
有赞技术团队
有赞技术团队
Vercel News
Vercel News
Scott Helme
Scott Helme
P
Privacy International News Feed
Last Week in AI
Last Week in AI
Recorded Future
Recorded Future
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
The Cloudflare Blog
Attack and Defense Labs
Attack and Defense Labs
Google Online Security Blog
Google Online Security Blog
Simon Willison's Weblog
Simon Willison's Weblog
量子位
S
Security @ Cisco Blogs
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
V
Visual Studio Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
NISL@THU
NISL@THU
N
Netflix TechBlog - Medium
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Spread Privacy
Spread Privacy
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
小众软件
小众软件
罗磊的独立博客
Security Archives - TechRepublic
Security Archives - TechRepublic
T
Threatpost
L
Lohrmann on Cybersecurity
www.infosecurity-magazine.com
www.infosecurity-magazine.com
S
Security Affairs
Cloudbric
Cloudbric
爱范儿
爱范儿
H
Heimdal Security Blog
PCI Perspectives
PCI Perspectives

Intel 471 Blog

TeamPCP Supply Chain Attacks Turning Geopolitical Tension into Actionable Intelligence CVE-2025-68613: Zerobot botnet exploits critical vulnerability impacting n8n AI orchestration platform Introducing Cyber Threat Exposure Bundle: A Unified Approach to External Risk CVE-2026-20127: Critical Cisco SD-WAN vulnerability exploited in wild Handala Threat Group OpenClaw: A viral AI assistant and a magnet for infostealer malware and ClickFix trickery Israeli, US strikes against Iran triggers a surge in hacktivist activity CVE-2026-1731: Finding a critical RCE in an age of AI-driven vulnerability research Born to bypass MFA: Taking down Tycoon 2FA The UK Cyber Security Resilience Bill How AI and the human advantage beat tomorrow’s threats Winter Olympics 2026: Hacktivism Surges Ahead of Protests and Suspected Sabotage How Threat Hunting and “Good” Metrics Help The Business Likely fake ransomware operator 0APT causes panic — Our analysis Hunting APTs: from state policy to TTPs CrazyHunter Ransomware DevMan Ransomware Introducing HUNTER Tuning: a New Tool for Driving Behavioral Threat Hunt Detections Battling check fraud in the U.S. Gootloader Malware Update Shai-Hulud Worm 2.0 New FvncBot Android banking trojan targets Poland White Paper Preview: Black "Fraud Day” and Beyond — The Key Cyber Threats Facing the Retail Sector this Holiday Season Threat hunting case study: Detecting IAB activity Using deception to extract cyber threat intelligence Lynx Ransomware Qilin Ransomware Group ClickFix: Tricking users into installing infostealers Cybercrime Takedowns: Trust, Partnerships and Focus How card fraud is powered by underground card checkers Tracking down The Com Turning Chaos into Clarity: The Next Phase of Intel 471’s Geopolitical Intelligence Solution The FBI’s Group 78: Covertly fighting ransomware? How threat actors bypass multifactor authentication Crimson Collective In a digital age, US paper check fraud flourishes How you can defend against AI-driven fraud and phishing Detecting cybercriminal activity on Telegram NPM - Shai-Hulud Worm Threat hunting case study: ToolShell AMOS Stealer How AI can (and can’t) help in threat hunting The Phrack leak: Examining an APT’s workstation How initial access offers power intrusions and ransomware Drawing value from cyber threat intelligence “Pig-Butchering” Scams: The Dark Side of Social Engineering and Why Terminology Matters After disruption, XSS cybercrime forum faces loss of trust Update: Salt Typhoon Bridging the CTI Gap: New Exposure Modules on Verity471 Deliver Market-Disrupting Views of Threats Introducing Verity471: Cyber Threat Intelligence Ready to Operationalize FileFix Social Engineering Technique Guided Threat Hunts Takes Your Behavioral Threat Hunting to the Next Level Defending against doxing CVE-2025-53770 - Microsoft Sharepoint Mass Exploitation (ToolShell) Threat hunting case study: Lumma infostealer Pro-Russian hacktivism: Shifting alliances, new groups and risks mommy Access Broker NATO summit commences in tandem with tense cyber, kinetic conflict A look at ‘Tinker,’ Black Basta’s phishing fixer, negotiator Threat hunting case study: DragonForce Two critical challenges facing CTI teams and how to overcome them: Intel 471’s additional insights into the SANS 2025 CTI Survey Android malware trends: Stealthier, easier-to-use Fingerprinting threat actors by their anonymity techniques DanaBot malware disrupted, threat actors named Intel 471 brings HUNTER behavioral threat hunts to Google Security Operations SANS 2025 CTI Survey: It’s Business Time for Cyber Risk How an alleged Russian hacker slipped away Threat hunting case study: Medusa ransomware CVE-2025-31324 - SAP NetWeaver Vulnerability DragonForce Ransomware Managing a cyber crisis LabHost: A defunct but potent phishing service Understanding and threat hunting for RMM software misuse Threat-hunting case study: Windows Management Instrumentation abuse VanHelsing Ransomware An in-depth look at Black Basta's TTPs Six Key Takeaways From the SANS 2025 Threat Hunting Survey Update: Medusa Ransomware Writing high-quality IDS detection rules Threat hunting case study: RMM software Update: LockBit Ransomware Zservers: Bulletproof hosting for online crime Update: Black Basta Ransomware and Threat Group Black Basta exposed: A look at a cybercrime data leak BadPilot Campaign The evolution of Russian cybercrime Android trojan TgToxic updates its capabilities Threat hunting case study: SocGholish DeepSeek AI poses cybersecurity risks Law enforcement hammered cybercrime in 2024. Is it working? Remote Monitoring and Management (RMM) Abuse How threat actors are using artificial intelligence Threat hunting case study: PsExec How ransomware may trend in 2025 What 2025 May Hold for Cybersecurity Bring Your Own Hunts to HUNTER ‘Tis the Season to Be Alert for Cyber Threats: 5 Unjoyful Holiday Tactics Collecting Useful CTI from Underground Markets Expanding source coverage: adding Signal chats to threat intelligence
COVID-19 and the Use of Offensive Cyber Operations
Intel 471 · 2020-09-04 · via Intel 471 Blog

INTRODUCTION

A matter of fact is that the world has, in the last several months, undergone a period of upheaval as a consequence of the global COVID-19 pandemic. Many aspects of our lives that were taken for granted changed significantly, seemingly, overnight. Countries that shared open borders closed them; multinational corporations abandoned their office environments in favour of working-from-home; and, individuals faced months within the confines of the four walls of their homes. Amongst this chaos and uncertainty, criminals and spooks of the digital age intensified their existing efforts to levels that have been unprecedented in modern history.

It is important to note, though, that these were intensifications of existing operations. Despite the news media’s headlines asserting that these efforts by criminals and spies were phenomena borne of the virus, these efforts were pre-existing, and indeed to many working in the cyber security and intelligence communities, this activity was all too familiar. However, what had changed was the scale and intensity with which this activity was carried out.

Whereas once advanced actors would have to carefully research their targets, crafting messages with a convincing pretense, in the hopes of luring unsuspecting individuals with phishing emails; now, the number of people who were clamoring for information and hope, while simultaneously experiencing stress, boredom, and confusion had grown logarithmically, making almost every person a perfect target, ripe for exploitation. These malevolent actors realized this, and in turn, took M.F. Weiner’s infamous advice, about not wasting a crisis,[1] to heart.

The activity that resulted from this crisis capitalization was as diverse as the motivations of the actors behind it; however, it also served to highlight the increasingly central role that offensive cyber operations (OCO) — the collective term Western governments use to describe such activity[2] — have in governmental activities. Perhaps more interestingly though, is that this intensification of cyber activity peeled back the shroud of secrecy that often veils the activities of foreign and domestic intelligence agencies, even if only for a brief moment, to reveal the extent that OCO plays for the purposes of disinformation, intelligence collection, and intellectual property theft.

DISINFORMATION AND OFFENSIVE CYBER OPERATIONS

Throughout the pandemic, it was clear that information regarding the virus became a highly desirable, and yet altogether scarce, commodity. It seemed that every day, some new “fact” about the virus, preventative measures, a vaccine, or a therapeutic treatment was revealed, only to have that “fact” vanish the following day as competing information disproving the claim was released.[3] This vacuum, and simultaneous overload, of competing “facts” left many perplexed, and a perplexed population is one that will seek out their own answers.

Such a state of confusion and uncertainty is one where disinformation can be effectively employed. It is important to understand that while the terms “misinformation” and “disinformation” are frequently used interchangeably, they relate to very different concepts.

Misinformation is false information, which is often generated by incomplete or faulty data or assumptions and is often transmitted with the intent to aid others. Therefore, a news organization that promulgates information about COVID-19 that later turns out to be false, would be said to be spreading misinformation.

Conversely, disinformation is information which may contain both accurate and inaccurate data (which can make it much harder to separate fact from fiction), which is generated intentionally, and is transmitted in an effort to deflect criticism, divide populations, or disrupt government and business operations. While misinformation can be harmful during intense times of confusion, disinformation can often be far worse, as it has the capability of permeating a collective consciousness and eroding trust.

Examples of disinformation were rampant through the height of the pandemic and were often the result of countries attempting to lessen the “blow” that COVID-19 would have to their economies and international relations. Various agencies have, for instance, accused China of conducting disinformation with regards to the role their country played in the early stages of the virus, including a claim by a senior government official which asserted that the virus was “imported” to China by U.S. military personnel.[4] Other organizations have alleged that various governments have engaged in fostering disinformation about COVID-19 as a biological weapon, as means of fomenting anti-vaccination sentiment, and even claims that COVID-19 was transmitted by 5G cellular technology.[5]

While the claims themselves matter very little, the outcomes of disinformation on a population can be highly consequential: the topic of compulsory vaccinations for COVID-19 has entered the general zeitgeist,[6] significant government resources were committed to determining the origin of COVID-19,[7] and there were several reports of individuals across Europe burning down 5G compatible cellular towers.[8] However, sowing seeds of doubt and discord are not the only results of offensive cyber operations during the height of the pandemic.

INTELLIGENCE COLLECTION AND OFFENSIVE CYBER OPERATIONS

As a means of conducting intelligence analysis, one of the fundamental steps is collecting data and information from your allies, adversaries, and third parties. While this is sometimes portrayed in Hollywood as being carried out by secret agents covertly collecting information from hyperbolically evil villains, often in an effort to save the world from an overly complicated plot, the truth is often far more benign. The reality is that various intelligence agencies often commit significant resources to gathering data from an array of open sources[9] (such as the news media from various countries) while also gathering from more sensitive sources such as embassies, diplomats, and yes, even the occasional “secret agent.”

An example of this concerted effort by countries to collect accurate data and information can be seen by a report released early in 2020, which identified activities by the Vietnamese government conducting OCO against the Chinese government in an effort to collect data about the virus from less public sources.[10] This effort highlighted that COVID-19 had become a priority intelligence requirement (PIR), and that Vietnam sought to gain more insight into the Chinese deliberations about the virus, in order to corroborate existing data, or to supplement data that may have been perceived as less reliable from conventional sources. Other governments and agencies have likewise identified that they have been targeted by various cyber espionage actors in an effort to collect data on government responses to COVID-19.[11] [12]

INTELLECTUAL PROPERTY THEFT AND OFFENSIVE CYBER OPERATIONS

Intellectual property theft remains one of the key motivators for cyber espionage. [13] [14] [15] The benefits, both financially and reputationally, that can be realized by countries which successfully acquire highly confidential intellectual property secrets are numerous. Such theft can allow domestic firms to “catch up” with foreign countries without the associated research and development costs, for instance. Additionally, such confidential material can also prove highly lucrative during bilateral negotiations and may even allow countries to gain a reputational advantage over their economic competitors.

Therefore, it is no surprise that the interest by various foreign governments[16] [17] [18] in organizations engaged in COVID-19 research, especially labs working on vaccines, would prove a fruitful target for cyber espionage actors. Indeed, reports of such infiltrations have been widespread, with the United Kingdom,[19] Canada,[20] and the United States[21] all reporting extensive efforts to compromise these organizations. The benefits a government could realize from acquiring research on the topic of the vaccine are extensive: the country would stand to gain international acclaim in being one of the first to develop a vaccine, and domestic firms and governments would stand to profit significantly from nations looking to vaccinate their populations. The result of this is that many countries are seeking to gain a competitive advantage, and the use of OCO to achieve those ends is often the most effective.

CONCLUSION

To say that the world has changed in the midst of the COVID-19 pandemic is an understatement. Nations are still grappling with the systemic changes necessary to both protect their populations and restart their economies. However, such crises are often ripe for capitalization, and cyber espionage actors are no stranger to these strategic moments. Indeed, the COVID-19 pandemic has resulted in one of the most unprecedented intensifications of global offensive cyber operations in history, with the offensive cyber actors seeking to promulgate disinformation, perform intelligence collection, and acquire sensitive intellectual property all with an eye towards their strategic national interests.

[hubspot type=cta portal=7924572 id=a65e154e-9038-4476-b518-db9dd3119713]

[1] https://freakonomics.com/2009/08/13/quotes-uncovered-who-said-no-crisis-should-go-to-waste/

[2] https://www.jcs.mil/Portals/36/Documents/Doctrine/pubs/jp3_12.pdf

[3] https://www.smithsonianmag.com/science-nature/how-avoid-misinformation-about-covid-19-180974615/

[4] https://www.euronews.com/2020/07/14/japan-accuses-china-of-disinformation-over-coronavirus-outbreak

[5] https://euvsdisinfo.eu/eeas-special-report-update-short-assessment-of-narratives-and-disinformation-around-the-covid19-pandemic-updated-23-april-18-may/

[6] https://www.nationalgeographic.com/science/2020/08/how-coronavirus-covid-vaccine-mandate-would-actually-work-cvd/

[7] https://www.wsj.com/articles/u-s-intelligence-agencies-say-coronavirus-originated-in-china-wasnt-man-madeor-genetically-modified-11588260228

[8] https://abcnews.go.com/Health/wireStory/conspiracy-theorists-burn-5g-towers-claiming-link-virus-70258811

[9] https://fas.org/irp/dni/osc/index.html

[10] https://www.reuters.com/article/us-health-coronavirus-cyber-vietnam/vietnam-linked-hackers-targeted-chinese-government-over-coronavirus-response-researchers-idUSKCN2241C8

[11] https://cyber.gc.ca/en/guidance/cyber-threat-bulletin-impact-covid-19-cyber-threat-activity

[12] https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development

[13] https://www.govinfo.gov/content/pkg/CHRG-113hhrg86391/html/CHRG-113hhrg86391.htm

[14] https://www.dni.gov/files/NCSC/documents/news/20180724-economic-espionage-pub.pdf

[15] https://www.carbonblack.com/definitions/what-is-cyber-espionage/

[16] https://www.chemistryworld.com/news/russian-cyber-spies-are-targeting-covid-19-vaccine-research/4012155.article

[17] https://www.nationalreview.com/news/chinese-and-iranian-hackers-targeting-us-vaccine-research/

[18] https://www.wsj.com/articles/chinese-iranian-hacking-may-be-hampering-search-for-coronavirus-vaccine-officials-say-11589362205

[19] https://www.bbc.com/news/world-us-canada-53493028

[20] https://www.ctvnews.ca/health/coronavirus/russian-hackers-have-tried-to-steal-covid-19-research-1.5026553

[21] https://www.nytimes.com/2020/07/21/us/politics/china-hacking-coronavirus-vaccine.html