Advanced persistent threat groups and cyber criminals are increasingly exploiting the ongoing COVID-19 pandemic, targeting individuals and organizations of all sizes seeking to steal credentials and deploy ransomware and other malware, warn two cyber security-focused agencies in Britain and the U.S.

Threats have also expanded due to employees working virtually, putting at risk individuals and organizations, warns a joint alert by the United Kingdom’s National Cyber Security Centre (NCSC) and the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA).

“Both CISA and NCSC are seeing a growing use of COVID-19-related themes by malicious cyber actors,” says the April 8 joint alert. “At the same time, the surge in teleworking has increased the use of potentially vulnerable services, such as virtual private networks (VPNs), amplifying the threat to individuals and organizations.”

Exploitation of the pandemic will likely continue in the coming weeks and months, the alert says.

Social engineering methods, particularly email scams, are the attack vector being used by advanced persistent threat (APT) groups, which are typically nation-state or state sponsored, and cyber criminals. The agencies also say that threat actors are also moving to “rapidly” attack new “remote access and teleworking infrastructure.”

Examples cited in the alert include emails containing malware that are made to look like they come from the head of the World Health Organization and others claiming to offer medical supplies like thermometers and face masks to combat the virus.

The hacking goals of the APT groups are basically the same as ever, which are “espionage and ’hack-and-leak’ operations.” It says cyber criminals are after commercial gain and are doing it through ransomware and other malware.

“As the COVID-19 outbreak continues to evolve, bad actors are using these difficult times to exploit and take advantage of the public and business,” Brian Ware, assistant director of Cybersecurity for CISA, said in a statement. “Our partnerships with the NCSC and industry have played a critical role in our ability to track these threats and respond.”