The US Department of Justice (DoJ) has confiscated two domains that impersonated the official sites of the biotechnology companies Moderna and Regeneron, which are involved in developing vaccines to combat COVID-19. The domains confiscated by the federal government were used for various malicious purposes, such as fraud, infecting visitors with malware and collecting sensitive information through phishing attacks.
The US Department of Justice said late last week that visitors to these sites will now see a message that the site has been confiscated by the federal government and will be redirected to another site for additional information.
U.S. Attorney for the District of Maryland Robert K. Hur stated the following after the seizure of the domains: "I urge the people to remain vigilant. Do not provide personal information and do not click on sites or links contained in spam emails. Do not fall victim."
The investigation into the two domains, mordernatx[.]com and regeneronmedicals[.]com, followed a report from Moderna's cybersecurity team and stemmed from an ongoing investigation into malicious sites. In both cases, visitors who tried to open the "Contact us" pages on the now-closed sites were redirected to a form asking them either to provide sensitive personal information, such as name, company/institution, title, telephone number and e-mail address, or to communicate via VoIP.
The domain mordernatx[.]com was registered through a company from Kuala Lumpur, Malaysia, on December 8, and regeneronmedicals[.]com on December 6 by a man from Onitsha, Anambra, Nigeria.
The US Department of Justice said that by seizing these domains, the government prevented third parties from obtaining the names and using them to commit additional crimes, while also preventing third parties from continuing to access the sites in their current form. In addition, Homeland Security investigator John Eisert said the individuals took advantage of the fear and confusion caused by the COVID-19 global health crisis and tried to steal personal information for malicious purposes.
BleepingComputer reports, citing the US Federal Trade Commission (FTC), that more than 275,000 Americans have reported financial losses of more than $211 million from COVID-19 fraud since the beginning of this year. Cybercriminals have also targeted organizations involved in COVID-19 research and the vaccine cold chain.
For example, vaccine development agencies from Canada, the United Kingdom, and the United States have been targeted throughout the year by the Russian state hacking group APT29 to gather information related to vaccine development and testing.
Furthermore, hackers linked to the People's Republic of China have been involved in similar attacks, according to a joint statement issued by the FBI, DHS and CISA.
Finally, Microsoft has also removed domains used in COVID-19-related cybercrime, such as the collection of sensitive information, which was later used in BEC (Business Email Compromise) attacks.