Hack Attempt on the WHO

An elite band of hackers is thought to be behind a digital break-in attempt at the World Health Organization.

WHO Chief Information Security Officer Flavio Aggio said that the attempted attack occurred earlier this month and had made use of a malicious domain. The assailants behind the bungled break-in are yet to be identified. 

The hack was just one of a huge number of attempts made against the organization and its partners in recent weeks, according to Reuters. A senior agency official told the news site that since the outbreak of COVID-19, the number of cyber-attacks on the WHO has doubled as criminals attempt to take advantage of the crisis. 

The WHO issued a warning last month that hackers had been mimicking the agency in an attempt to steal personal information and money from the public. 

This latest unsuccessful break-in was discovered by cybersecurity expert and attorney for Blackstone Law Group Alexander Urbelis, who reported it to Reuters. Blackstone Law Group tracks the registration of suspicious domains from its office in New York.

Urbelis said: “I realized quite quickly that this was a live attack on the World Health Organization in the midst of a pandemic.”

Urbelis detected a dodgy site which the WHO's Aggio confirmed had been used in an attempt to steal passwords from multiple staff members at the organization. 

According to two anonymous sources approached by Reuters, responsibility for the attempted hack could lie with an advanced hacking group called DarkHotel. The threat group has been carrying out cyber-espionage for at least 13 years. 

Digital forensic evidence collected by cybersecurity firms including Bitdefender and Kaspersky suggests that DarkHotel has operations based in East Asia. Targets of the threat group in the past have included government employees and business executives in China, North Korea, Japan, and the United States.

Other malicious sites detected by Urbelis include thousands of websites that seek to con victims out of their money and/or data by exploiting the current coronavirus outbreak.

Describing how many such coronavirus-inspired sites he encounters during the course of his working day, Urbelis said: “It’s still around 2,000 a day. I have never seen anything like this.”
