Singapore, Japan, and the US are amongst six nations targeted in a COVID-19 themed phishing campaign that is reportedly scheduled for June 21, during which 8,000 businesses in Singapore may receive email messages from a spoofed Ministry of Manpower account. North Korean state hacker group Lazarus are said to be behind the massive attack that will see more than 5 million businesses and individuals receiving phishing email messages from spoofed government accounts.
Large scale phishing campaigns is a matter of daily routine. Some of them involve 0day vulnerabilities, or very recent and not yet patched vulnerabilities, while most of them have carefully selected contacts stolen from various sources or purchased on the Dark Web. There, you have readily available contacts of hundreds of millions of people available for sale, including recent law enforcement databases and governmental resources. Five millions contacts can be located in one day with a web browser and hundred of bucks in Bitcoin.
Professional cybercriminals will unlikely discuss their upcoming hacking campaigns in a visible manner unless they aim to build a smoke screen a raise a false alert. Moreover, targeting enterprises with COVID-19 today borders to absurd, virtually all organizations now have internal memos or policies saying to distrust all and any COVID-19 related communications from any source. It seems that the allegedly detected campaign comes from script kiddies, not a nation-state threat actor.