COVID-19 Key Developments: Week of April 4-10

The spread of coronavirus continues to have significant impacts across the world, as governments continue to enact and maintain a variety of measures in an effort to contain the spread of the virus within their country as well as across borders. The Flashpoint team is observing the following with regards to government response, law enforcement actions, cybercrime, as well as misinformation and disinformation trends.

Zoom Concerns:

This week, Flashpoint published a blog, “Potential Link of Compromised Zoom Accounts to Previously Compromised Credentials” that details the ways in which threat actors are seeking to exploit the increased use of videoconferencing applications.

Government Responses:

Governments have continued to impose travel restrictions at local and federal levels in an effort to minimize continued spread of the coronavirus.

This week China reported no new deaths due to COVID-19, and the government has begun lifting restrictions in Wuhan, the city of 11 million in China that was the center of the initial COVID-19 outbreak. Public transportation is now operating in Wuhan, and individuals with a “green” health status are now permitted to leave.

While the situation appears to be leveling off, research shows some erratic figures and questions around both the reporting and activities, such as social media ad campaigns, that may be designed to skew perceptions of the actual situation on the ground.

Japanese Prime Minister Shinzo Abe announced a state of emergency to target infections in the country. He also announced plans for a stimulus package to assist the Japanese economy.

South Korea has reported that some individuals have become reinfected with the disease after being released from quarantine, triggering concerns about a renewed spike in infections. A specialist team has been sent to conduct an epidemiological investigation in the city.

As the global pandemic continues to take lives and upend economies, world leaders are criticizing organizations charged with protecting populations from health emergencies. Criticisms range from the WHO’s endorsement of Chinese government claims in mid-January surrounding human-to-human transmission, and the WHO’s deference when China denied outside experts permission to visit Wuhan until mid-February.

The US Federal Drug Administration (FDA) announced that it is granting Steris Corporation an emergency use authorization to decontaminate N95 or N95-equivalent respirators for reuse by healthcare employees. According to the FDA’s press release, they could decontaminate approximately 750,000 N95 respirators per day, as the required equipment is already available in over 2,000 hospitals nationwide.

Law Enforcement Actions:

The US Attorney’s Office for the Middle District of Florida announced charges against a man in St. Petersburg, Florida. According to the criminal complaint, the individual was being arrested for domestic violence-related charges, and allegedly spit on the arresting officer. The individual then claimed that he had coronavirus and was spreading it.  

With tax season extensions and COVID-19 loan applications and stimulus checks being applied for and processed, the volume of fraud and malfeasance may increase. The US Department of Justice warns consumers of fraud schemes around economic impact payment checks, some of which began to be distributed this week.

Cybercrime and Coronavirus:

The coronavirus pandemic continues to be reflected in cybercriminal activities, as threat actors leverage the pandemic to carry out various online fraud schemes.

The US Government has announced that stimulus checks to individuals will be sent out beginning early the week of April 13, 2020, and the Small Business Administration is in the process of accepting applications for relief to US businesses affected by the pandemic as well.

As the US Government rolls out the implementation of the stimulus package for individual checks and relief for small businesses, criminals are likely to target the distribution mechanisms in place in order to conduct fraud schemes. Flashpoint analysts are tracking threat actor activities across the DDW to evaluate the ways in which threat actors are looking to target both the financial sector and other entities that may be receiving economic assistance.

The Australian Government disclosed that its Australian Signals Directorate (ASD) has retaliated against threat actor campaigns attempting to exploit the pandemic for malicious purposes. According to the government, the ASD “already successfully disrupted activities from foreign criminals by disabling their infrastructure and blocking their access to stolen information,” and note that some of the tactics by the actors have included impersonation of health officials.

Misinformation and disinformation trends:

Misinformation and disinformation continues to spread on social media platforms and via chat services. Narratives and major developments observed by Flashpoint analysts include:

Claims that death figures in the US are overstated have spread on several social media platforms in various forms and have been picked up by far-right personalities and conspiracy theorists. They have given birth to hashtags such as #filmyourhospital and #plandemic on TikTok and other popular social media platforms, with some users encouraging each other to go to hospitals and film evidence that they are empty. The spread of such campaigns represents a physical security risk. Promoters of this narrative also used intentionally misinterpreted videos featuring Dr. Deborah Birx, the White House coronavirus task force coordinator, as well as a news report featuring a medical presentation on a dummy to claim that death figures are deliberately inflated. A similar narrative spread in the United Kingdom, where Facebook groups spread the misleading information that the government removed COVID-19 from the technical list of “high consequence infectious diseases” because the pandemic was always about a power grab.

5G-related conspiracy theories about COVID-19 continue spreading despite platforms taking action against users sharing such content. Twitter suspended the account of “Joe M,” one of the main voices of the “QAnon” conspiracy theory, for COVID-19-related violations. Meanwhile, a broader online campaign against Bill Gates seemed to take momentum, accusing the businessman of trying to “implant microchips” into people with a COVID-2019 vaccine that he has donated money to develop. This echoes previous 5G-related conspiracy theories that aimed to create mistrust in vaccines.

China and Chinese actors continued a “war of narratives.” A Chinese Foreign Ministry spokesman harangued the United States on Twitter for the treatment of Captain Crozier, a senior Navy officer dismissed for raising awareness of COVID-19 infections aboard the USS Theodore Roosevelt. China continued sending humanitarian aid to various nations with ample media coverage and some social media users shared questionable reports about the effectiveness of traditional Chinese medicine against COVID-19.

Bad advice on masks:

With an increasing number of people wearing face masks when going outside, there is a heightened risk that bad advice relating to the handling of masks will spread on social media. Flashpoint analysts identified content suggesting that people microwave used masks to remove infectious substances, which is ineffective and potentially dangerous.

Narratives related to US politics:

With a heated debate about postal voting triggered by the April 7, 2020 primary elections in Wisconsin, Flashpoint analysts assess that there is a heightened risk of disinformation claiming that the COVID-19 pandemic is an excuse to expand postal voting and, through it, electoral fraud. Flashpoint analysts have already detected chatter in extremist communities about alleged COVID-19-related voter fraud.