WHO officials targeted with spear-phishing attacks in early March

WHO officials targeted with spear-phishing attacks in early March

world health organisation

A group of hackers tried to break into the World Health organisation's system earlier this month to steal email credentials when the organisation was busy with handling the COVID-19 outbreak.

Flavio Aggio, the Chief Information Security Officer of WHO, has confirmed that the spear-phishing campaign, which took place when the organisation was preoccupied with the pandemic, was unsuccessful.

Alexander Urbelis, a cybersecurity expert and attorney with the Blackstone Law Group, told Reuters, that he observed "a live attack on the World Health Organization in the midst of a pandemic” that involved hackers activating questionable internet domains.

Urbelis said he identified suspicious activity around March 13, when the group of hackers he was following for months activated a malicious site identical to the WHO’s own email system. While he could not confirm the responsible party for this attack, other sources are doubting that it could be the work of an advanced group of hackers known as DarkHotel, which has been in operation since 2007.

WHO's CISO Aggio told Reuters that the site that the hackers used was in an attempt to steal passwords of employees. “There has been a big increase in targeting of the WHO and other cybersecurity incidents. There are no hard numbers, but such compromise attempts against us and the use of (WHO) impersonations to target others have more than doubled,” he said.

Hackers are regularly targeting WHO to obtain information about cures, tests, and vaccines

Costin Raiu, head of global research and analysis at Kaspersky, also told Reuters that he could not confirm if DarkHotel was behind the cyber attack, but he has seen such malicious web infrastructure used to target other healthcare and humanitarian organisations in recent weeks. “At times like this, any information about cures or tests or vaccines relating to coronavirus would be priceless and the priority of any intelligence organisation of an affected country,” he said.

Last month, WHO published an awareness post on their website informing people that hackers are posing as the agency to steal money and sensitive information from the public. In the awareness post, WHO confirmed that they will not ask for username or password to access safety information, send unsolicited email attachments, visit a link outside of www.who.int.

They have also stated that they do not charge for jobs, register for a conference, or reserve a hotel and never conduct lotteries or offer prizes, grants, certificates or funding through emails.

ALSO READ: Organisations are improving their password security, but not enough

Copyright Lyonsdown Limited 2021

Top Articles

Data of 500m LinkedIn users put up for sale on the Dark Web

Detailed personal and professional information associated with 500 million LinkedIn profiles has been put up for sale on a popular dark web forum.

Several EU bodies suffered cyber attacks in March, EU reveals

A number of European Union institutions, including the European Commission, were the targets of cyber attacks in March.

The rise and rise of nation state cyber attacks

There has been a 100% rise in nation state cyber attacks over the last three years with attacks aimed at organizations with high value IP, such as technology and pharmaceutical…

Related Articles