COVID-19: CYBERSECURITY WATCH #2 – March 26th, 2020

In light of the current health crisis, the CERT of (CERT-DS) will implement a monitoring and alert system linked to the impacts and consequences of COVID-19 on cybersecurity. This monitoring, which can be shared freely, is intended to:

  • Identify the biggest threats to computer systems;
  • Share the resources and tools necessary to grasp and prevent ISS risks;
  • Highlight the best digital practices to adopt in the face of this crisis.

Each week’s main news items are grouped into four categories: Threats, Fraud, Useful Resources and Other News.

  • Threats” include malware, phishing and ransomware campaigns, as well as cyberattacks on major infrastructures;
  • Fraud” includes scams and fake news;
  • Useful Resources” refers to the information and tools needed to deal with this health crisis;
  • Other News” combines a variety of information such as government measures taken in the area of cybersecurity.


Attack: Multiple hacking attempts against the World Health Organization (WHO) site linked to COVID-19 (Early March)
Attackers: Suspicions about the DarkHotel Group
Method: Password theft and identity theft
Target: WHO staff members
Publication date: March 23rd, 2020
Description: According to WHO’s Chief Information Security Officer  Flavio Agio, multiple hacking attempts are targeting the WHO site. Since a first attack on March 13, 2020, attacks have continued to multiply.


Attack: Cyberattack on Paris Hospitals (AP-HP)
Method: Denial of Service Attack (DDoS)
Target: Public assistance – Paris Hospitals
Publication date: March 22nd, 2020
Description: The Public Assistance servers have been victims of a denial of service leading to a saturation of their servers.


Attack: “Corona Antivirus” fake antivirus software against COVID-19
Method: Malware / distribution of the BlackNet administration tool
Publication date: March 23rd, 2020
Description: This fake website (antivirus-covid19[.] site) encourages users to install this digital anti-virus to counter the contamination of covid-19. The website claims that Harvard researchers have developed an AI capable of fighting covid-19 via a Windows application.


Attack: Ransomware against a British medical research company
Attackers: Maze Group
Method: Ransomware / Denial of Service / Publication of Personal Data
Target: Hammersmith Medicines Research (HMR)
Publication date: March 22nd, 2020
Description: The Maze Group has released personal and medical patient data belonging to the HMR medical research company (which conducts covid-19 vaccine trials) because the company has refused to pay a ransom.



Attack: “COVID-19” or “coronavirus” special offers on malware sales
Method: False special offers to install malware
Surface/Application : Darknet
Publication date: March 19th, 2020
Description: Hackers use promo codes related to the COVID-19 theme to promote items on the darknet. These items are most often malicious software or operating tools. There are also fake online sales of computers.


Attack: swindle of a pharmaceutical company (Cerp Rouen) by a fake company
Method: Shadow company / President scam
Target: Rouen Cerp
Publication date: March 19th, 2020
Description: More than 6.6 million euros stolen from Cerp Rouen by a fake website that claimed to sell protective masks and hydro-alcoholic gels.


Attack: Threat of coronavirus infection combined with data theft
Method: Scam and email ransom demand
Target: Messaging
Publication date: March 23rd, 2020
Description: Hackers threaten to infect people with the coronavirus, steal and then disclose their personal data in exchange for a ransom of $4,000 in Bitcoin.


Useful Resources

Resource type: Call for Proposals for Innovative Solutions to Address COVID-19
Targets: Anyone able to propose a project capable of offering innovative solutions related to the fight against Covid-19 (solutions that are technological, organizational, managerial or adaptation of industrial processes).
Publication date: March 23rd, 2020
Description: The Ministry of the Armed Forces call for projects is launched by the Defence Innovation Agency (DIA) to fight the COVID-19 pandemic. Successful proposals are evaluated until April 12, 2020.


Resource type: Provision of two interactive maps on the evolution of COVID-19 in real time (France)
Publication date: March 24th, 2020
Description: These maps are available on the French government’s “” platform. The data is updated every day.


Resource type: Siri is now able to assist in the screening of COVID-19 (United States)
Publication date: March 23rd, 2020
Targets: Apple users (US)
Description: Siri has received an update allowing it to answer users’ questions related to COVID-19 and especially whether they are contaminated or not. This update is only available in the United States for the moment.


Resource Type: Deployment of Artificial Intelligence by Microsoft to Assist Caregivers
Publication date: March 24th, 2020
Description: Development of Healthcare Bot by Microsoft for the public to screen for COVID-19. This AI can evaluate the different symptoms of the coronavirus and report a diagnosis, which can then lead to a video consultation with a health Professional.


Other news

Country: Iran
Topic: Application to control the COVID-19 pandemic in Iran
Publication date: March 16th, 2020
Description: The Iranian government has implemented an “AC19” surveillance application to allow the population to self-diagnose the presence of the virus in the body. A location option would also be available through the app.


Back to the first newsletter of CYBERSECURITY WATCH #1: here