Hackers target WHO as coronavirus cyberattacks soar twofold
- WHO’s chief information security officer said the identity of the hackers was unclear, but the effort was unsuccessful
- The UN body published an alert last month warning that hackers are posing as the agency to steal money from the public
Elite hackers tried to break into the World Health Organisation (WHO) earlier this month, part of what a senior agency official said was a more than twofold increase in cyberattacks.
The attempted break-in at the WHO was first flagged to Reuters by Alexander Urbelis, a cybersecurity expert and lawyer with the New York-based Blackstone Law Group, which tracks suspicious internet domain registration activity.
Urbelis said he picked up on the activity around March 13, when a group of hackers he’d been following activated a malicious site mimicking the WHO’s internal email system.
“I realised quite quickly that this was a live attack on the World Health Organisation in the midst of a pandemic,” he said.
Urbelis said he did not know who was responsible, but two other sources briefed on the matter said they suspected an advanced group of hackers known as DarkHotel, which has been conducting cyber-espionage operations since at least 2007.
Messages sent to email addresses maintained by the hackers went unreturned.
Aggio confirmed that the site spotted by Urbelis had been used in an attempt to steal passwords from multiple agency staffers.
“There has been a big increase in targeting of the WHO and other cybersecurity incidents,” Aggio said. “There are no hard numbers, but such compromise attempts against us and the use of (WHO) impersonations to target others have more than doubled.”
The WHO published an alert last month warning that hackers are posing as the agency to steal money and sensitive information from the public.
United Nations agencies, the WHO among them, are regularly targeted by digital espionage campaigns and Aggio declined to say who precisely at the organisation the hackers had in their sights.
How the WHO is leading the social media fight against misinformation
Cybersecurity firms including Romania’s Bitdefender and Moscow-based Kaspersky said they have traced many of DarkHotel’s operations to East Asia – an area that has been particularly affected by the coronavirus. Specific targets have included government employees and business executives in places such as China, North Korea, Japan, and the United States.
Costin Raiu, head of global research and analysis at Kaspersky, could not confirm that DarkHotel was responsible for the WHO attack but said the same malicious web infrastructure had also been used to target other health care and humanitarian organisations in recent weeks.
“At times like this, any information about cures or tests or vaccines relating to coronavirus would be priceless and the priority of any intelligence organisation of an affected country,” he said.
Officials and cybersecurity experts have warned that hackers of all stripes are seeking to capitalise on international concern over the spread of the coronavirus.
Urbelis said he has tracked thousands of coronavirus-themed websites being set up daily, many of them obviously malicious.
“It’s still around 2,000 a day,” he said. “I have never seen anything like this.”
Purchase the China AI Report 2020 brought to you by SCMP Research and enjoy a 20% discount (original price US$400). This 60-page all new intelligence report gives you first-hand insights and analysis into the latest industry developments and intelligence about China AI. Get exclusive access to our webinars for continuous learning, and interact with China AI executives in live Q&A. Offer valid until 31 March 2020.
