22 December 2020

US authorities seize domains used in COVID-19-related phishing campaigns


The US Department of Justice has seized two domain names disguised as official websites of Moderna and Regeneron, two biotechnology companies developing treatments for the COVID-19 virus. While the domains in question (“mordernatx.com” and “regeneronmedicals.com”) almost perfectly mimicked the contents of the real sites, they collected visitors' personal information for use in fraud schemes, phishing attacks, and malware campaigns.

According to a DOJ press release, investigations into the two domains began in early December, after corporate security for one of the companies located the spoof website and contacted the authorities.

In both cases, visitors who wanted to reach the “Contact Us” pages on the phishing sites were redirected to a form that either requested sensitive information, including name, company / institution, title, phone number, and e-mail address, or asked them to reach out via a Voice over IP (VoIP) number.

The mordernatx[.]com domain was registered through a company from Kuala Lumpur, Malaysia, on December 8, and regeneronmedicals[.]com on December 6 by an individual from Onitsha Anambra, Nigeria.

Both websites have been shut down.

“Individuals visiting those sites now will see a message that the site has been seized by the federal government and be redirected to another site for additional information,” the DOJ said.

Earlier this month, the European Medicines Agency (EMA) disclosed a cyber attack against its systems, in which hackers gained access to documents related to the COVID-19 vaccines from Moderna and from Pfizer and BioNTech.
