Google disclosed that in September it began to see multiple North Korea groups shifting their targeting hacks toward COVID-19 researchers and pharmaceutical companies, including those based in South Korea. "One campaign used URL shorteners and impersonated the target’s webmail portal in an attempt to harvest email credentials," Google’s Shane Huntley wrote in the blog
. "In a separate campaign, attackers posed as recruiting professionals to lure targets into downloading malware." Huntley explains.