WHO officials targeted with spear-phishing attacks in early March
Flavio Aggio, the Chief Information Security Officer of WHO, has confirmed that the spear-phishing campaign, which took place when the organisation was preoccupied with the pandemic, was unsuccessful.
Alexander Urbelis, a cybersecurity expert and attorney with the Blackstone Law Group, told Reuters, that he observed “a live attack on the World Health Organization in the midst of a pandemic” that involved hackers activating questionable internet domains.
Urbelis said he identified suspicious activity around March 13, when the group of hackers he was following for months activated a malicious site identical to the WHO’s own email system. While he could not confirm the responsible party for this attack, other sources are doubting that it could be the work of an advanced group of hackers known as DarkHotel, which has been in operation since 2007.
WHO’s CISO Aggio told Reuters that the site that the hackers used was in an attempt to steal passwords of employees. “There has been a big increase in targeting of the WHO and other cybersecurity incidents. There are no hard numbers, but such compromise attempts against us and the use of (WHO) impersonations to target others have more than doubled,” he said.
Hackers are regularly targeting WHO to obtain information about cures, tests, and vaccines
Costin Raiu, head of global research and analysis at Kaspersky, also told Reuters that he could not confirm if DarkHotel was behind the cyber attack, but he has seen such malicious web infrastructure used to target other healthcare and humanitarian organisations in recent weeks. “At times like this, any information about cures or tests or vaccines relating to coronavirus would be priceless and the priority of any intelligence organisation of an affected country,” he said.
Last month, WHO published an awareness post on their website informing people that hackers are posing as the agency to steal money and sensitive information from the public. In the awareness post, WHO confirmed that they will not ask for username or password to access safety information, send unsolicited email attachments, visit a link outside of www.who.int.
They have also stated that they do not charge for jobs, register for a conference, or reserve a hotel and never conduct lotteries or offer prizes, grants, certificates or funding through emails.