CERT-In warned that malicious actors are planning a large-scale phishing attack campaign on individuals and businesses. It is not sponsored by China.
Indian Computer Emergency Response Team (CERT-In) released an advisory on June 19, 2020, stating that a phishing attack campaign is planned by malicious actors using emails related to COVID-19. It is expected to mimic individuals, government agencies, departments, and trade associates. Further CERT-In reports that the email ID anticipated to be used in the campaign is 'email@example.com', and the attack would start on June 21, 2020. Moreover, CERT-In provided a list of steps for users to protect themselves from the attack and urged them not to click on URLs contained in unsolicited emails. Under disclaimer, CERT-In mentions that this information provided by them is on the basis of information provided by CYFIRMA.
The CYFIRMA, a cybersecurity company, and its researchers exposed that a global COVID-19 related phishing campaign is operated by Lazarus group, a known hacker group sponsored by North Korea. Therefore we can conclude that the phishing campaign was sponsored by the Lazarus group funded by North Korea, and not by Chinese hackers.
The COVID-19 pandemic has given rise to a lot of potentially dangerous misinformation. For reliable advice on COVID-19 including symptoms, prevention and available treatment, please refer to the World Health Organisation or your national healthcare authority.