Hackers impersonate WHO, DHL, and vaccine makers to spread malware

Over the last two months, threat actors have stepped up their use of COVID-19 vaccine news, such as government approvals of the vaccine and the logistics of vaccine deployment, as lures to spread malware and to carry out phishing and Business Email Compromise (BEC) attacks.

The attacks target users in organizations located in the United States, Canada, Austria, and Germany by impersonating organizations, including the WHO, DHL, and vaccine manufacturers. The themes leveraged a range of topics, including the fear that a person had encountered an infected individual; government vaccine approvals and economic recovery fueled by the vaccine; and sign-up forms to receive the vaccine, information updates, and vaccine shipment delivery, according to a new report from the cybersecurity company Proofpoint.

At the start of this year, the researchers observed a phishing campaign aimed at stealing Microsoft Office 365 login credentials that, over four days, targeted dozens of different industries in the United States and Canada. The emails urged the potential victims to click a link to “confirm their email to receive the vaccine”.

“This campaign was notable because it capitalized on the recent government approval of vaccines and the rush to receive it. Specifically, the email talks about "Government approval of the COVID-19 vaccine" and provides a link where one can supposedly register to receive it. At the time of this campaign, the vaccine in the United States was still available to first responders and doctors on the front lines,” Proofpoint reports. “The campaign also abused the brands of COVID-19 vaccine manufacturers as the lure in some of the emails. Other emails did not mention specific brands.”

The observed BEC attack campaigns, however, were far more targeted. They reportedly gave information on a bogus merger/acquisition and were sent directly to senior executives in the affected organizations.

In one of the campaigns, attackers used "COVID-19 APPROVED NEW VACCINES" as the email lure and abused the World Health Organization logo and name. The email contained an attachment with an executable, which drops and runs the Tesla Agent keylogger.

In another attack hackers used the DHL brand to steal email login credentials. Both malicious campaigns used news on COVID-19 vaccines to trick users into clicking on malicious links.

