FBI Alert TLP White: COVID-19 Email Phishing Against US Healthcare Providers

Following a global increase in malicious cyber activity exploiting fear derived from the COVID-19 pandemic, the FBI was notified of targeted email phishing attempts against US-based medical providers. These attempts leveraged email subject lines and content related to COVID-19 to distribute malicious attachments, which exploited Microsoft Word Document files, 7-zip compressed files, Microsoft Visual Basic Script, Java, and Microsoft Executables. The FBI is providing indicators of compromise related to these phishing attempts to assist network defenders in protecting their environments. Additionally, the FBI is providing the attached list of hashes related to additional COVID-19 phishing.

Related Resources

Case Studies
Public
As of early October 2021, the health system reached a 99% vaccination rate among staff and more than 600,000 people were vaccinated throughout the region.
Other Resources
Public
New COVID-19 vaccine strategies to reach people still not vaccinated are under development.
Other Resources
Getting both viruses at once may lead to long-term damage or death.
Other Resources
CHOP’s online flu season resource center offers preventive measures, a look back at the history of the flu vaccine, “Just the Vax” trivia game and a fast facts…
Special Bulletin
Public
The Centers for Disease Control and Prevention (CDC) has released an initial document intended to assist jurisdictions across the country in planning for the…
Issue Landing Page
Cybersecurity vulnerabilities and intrusions pose risks for every hospital, and its reputation. The American Hospital Association offers resources for…