The US Department of Justice has seized two domain names disguised as official websites of Moderna and Regeneron, two biotechnology companies developing treatments for the COVID-19 virus. The domains in question (“mordernatx.com” and “regeneronmedicals.com”) almost perfectly mimicked the contents of the real sites, but they collected visitors' personal information for use in fraud schemes, phishing attacks, and malware campaigns.
According to a DOJ press release, investigations into the two domains began in early December, after corporate security for one of the companies located the spoofed website and contacted the authorities.
In both cases, visitors who tried to reach the “Contact Us” pages on the phishing sites were redirected to a form that either requested sensitive information (name, company/institution, title, phone number, and e-mail address) or asked them to reach out via a Voice over IP (VoIP) number.
The mordernatx[.]com domain was registered on December 8 through a company from Kuala Lumpur, Malaysia, and regeneronmedicals[.]com was registered on December 6 by an individual from Onitsha, Anambra, Nigeria.
Both websites have been shut down.
“Individuals visiting those sites now will see a message that the site has been seized by the federal government and be redirected to another site for additional information,” the DOJ said.
Earlier this month, the European Medicines Agency (EMA) disclosed a cyber attack against its systems, in which hackers gained access to documents related to the COVID-19 vaccines from Moderna and from Pfizer and BioNTech.