Email addresses and passwords belonging to top officials at WHO, the Gates Foundation, the National Institute of Health, the Wuhan Institute of Virology, and Centers for Disease Control and Prevention (CDC) have been shared on Twitter and Pastebin by unknown actors.
The published email addresses and passwords were discovered by Site Intelligence Group, a US-based NGO that tracks online activities of white supremacists and jihadist organisations. The group's director Rita Katz believes these details were disseminated by far-right extremists to harass officials at the targeted global agencies.
According to information obtained by BBC, the leaked email addressses and passwords numbered over 25,000, including 9,938 from the National Institute of Health (NIH), 6,857 from the Centers for Disease Control and Prevention (CDC), 5,120 from the World Bank, 2,732 from the World Health Organization (WHO), 269 from the Gates Foundation, and 21 from the Wuhan Institute of Virology.
Ilia Kolochenko, Founder & CEO of ImmuniWeb, told Teiss that it seems these credentials are coming from public or semi-public collections of stolen credentials, which are widely available on the Dark Web marketplaces and hacking forums.
"Most of these types of password collections contain a considerable number of redundant, outdated or even deliberately fake data. Given that most business-critical systems now use 2FA and other security mechanisms to prevent password-reuse attacks, I don’t see any material risks stemming from the reported “leak”.
"The impacted organizations should, however, rapidly conduct an internal investigation to ascertain they didn’t fall victims to a sophisticated data breach amid pandemic," he added.
Hackers targeted WHO in March to steal email credentials of officials
In March, the World Health Organisation had confirmed that a group of hackers had tried to infiltrate its systems to steal email credentials when the organisation was busy with handling the COVID-19 outbreak. Flavio Aggio, the Chief Information Security Officer of WHO, said that the spear-phishing campaign was unsuccessful.
“There has been a big increase in targeting of the WHO and other cybersecurity incidents. There are no hard numbers, but such compromise attempts against us and the use of (WHO) impersonations to target others have more than doubled,” he said.
Alexander Urbelis, a cybersecurity expert and attorney at the Blackstone Law Group, told Reuters that he observed "a live attack on the World Health Organization in the midst of a pandemic” that involved hackers activating questionable internet domains.
Urbelis said he identified suspicious activity around March 13 when the group of hackers he was following for months activated a malicious site identical to the WHO’s own email system. While he could not confirm the responsible party for this attack, other sources are doubting that it could be the work of an advanced group of hackers known as DarkHotel, which has been in operation since 2007.