WASHINGTON / LONDON (Reuters) – Elite hackers attempted to join the World Health Organization earlier this month, according to Reuters sources, part of what a senior agency official said was an increase. more than double the cyber attacks.
Traffic passes through the World Health Organization (WHO) Regional Office for the Americas during the coronavirus epidemic (COVID-19) in Washington, DC, USA, March 22, 2020. REUTERS / Raphael Satter
Flavio Aggio, Chief Information Security Officer, said that the identity of the hackers is unclear and that the effort was unsuccessful. But he warned that hacking attempts against the agency and its partners have skyrocketed as they fight to contain the coronavirus, which has killed over 15,000 worldwide.
The attempt to raid the WHO was first reported to Reuters by Alexander Urbelis, a cybersecurity expert and lawyer from the Blackstone Law Group in New York, who tracks suspicious Internet domain registration activities.
Urbelis said he resumed activity around March 13, when a group of hackers he was following activated a malicious site that mimics the internal email system of the WHO.
“I quickly realized that this was a live attack on the World Health Organization in the midst of a pandemic,” he said.
Urbelis said he did not know who was responsible, but two other informed sources on the matter said they suspected an advanced group of hackers known as DarkHotel, which has been conducting cyber espionage operations since at least 2007.
Messages sent to hacker-managed email addresses have not been returned.
When asked by Reuters about the incident, WHO’s Aggio confirmed that the site Urbelis had identified had been used in an attempt to steal passwords from multiple agency agents.
“There has been a big increase in WHO targeting and other cyber security incidents,” said Aggio in a telephone interview. “There are no concrete numbers, but these compromise attempts against us and the use of WHO imitations to hit others have more than doubled.”
WHO released a notice last month – available here – warning that hackers are acting like an agency to steal money and sensitive information from the public.
And government officials in the United States, Britain and elsewhere have issued cybersecurity warnings about the dangers of a barely remote workforce as people disperse into their homes to work and study because of the coronavirus pandemic.
The reasons for the case identified by Reuters are unclear. United Nations agencies, including WHO, are regularly targeted by digital espionage campaigns and Aggio said he did not know exactly who in the organization the hackers had in sight.
Cyber security companies including Bitdefender in Romania and Moscow-based Kaspersky said they tracked down many of DarkHotel’s operations in East Asia, an area that has been particularly affected by the coronavirus. Specific targets have included government employees and corporate executives in places like China, North Korea, Japan and the United States.
Costin Raiu, head of global research and analysis at Kaspersky, could not confirm that DarkHotel was responsible for the WHO attack, but said that the same harmful Web infrastructure had also been used to target other health and humanitarian organizations in the past weeks.
“At times like this, any information on coronavirus-related treatments or tests or vaccines would be invaluable and the priority of any intelligence organization in an affected country,” he said.
Cyber security officials and experts have warned that hackers of all kinds are trying to capitalize on international concerns about the spread of coronavirus.
Urbelis said he tracked down thousands of coronavirus-themed websites that are created daily, many of which are obviously malicious.
“It’s still around 2,000 a day,” he said. “I’ve never seen anything like this.”
Additional reports of Hyonhee Shin in Seoul; Editing by Chris Sanders and Edward Tobin