Cyberattacks on WHO up Dramatically Amid Coronavirus Outbreak

(Image credit: Shutterstock)

A senior agency official at the World Health Organization (WHO) told Reuters today that the UN agency is now facing a more than two-fold increase in cyberattacks following the coronavirus outbreak, including attempts to break into its database by “elite hackers” earlier this month.

WHO chief information security officer Flavio Aggio confirmed the attack to Reuters and reassured that it was unsuccessful. He did, however, say that the hackers’ identities remain unknown.

According to Aggio, the attack’s goal was to steal passwords from agency staffers, potentially for phishing purposes. Last month, the WHO published an alert warning against these phishing attempts, reminding the public that the organization will never ask for username or passwords, would never email unrequested attachments or link a website outside its network or charge or conduct lotteries.

“There has been a big increase in targeting of the WHO and other cybersecurity incidents.”  Aggio told Reuters. “There are no hard numbers, but such compromise attempts against us and the use of [WHO] impersonations to target others have more than doubled.”

Alexander Urbelis, a cybersecurity expert and lawyer with the New York-based Blackstone Law Group, was the first to tell Reuters about the attacks from the elite cybercriminals. Blackstone Law Group specializes in tracking suspicious internet domain registration activity, and Urbelis said that he noticed "around" March 13 that a group of hackers had activated a malicious site posing as the WHO’s internal email system.

Urbelis and Blackstone continue to monitor new website domains focused on COVID-19, suspecting a great deal of them are malicious.

“It’s still around 2,000 a day,” Urbelis told the outlet, speaking about the number of new site registrations. “I have never seen anything like it.”

Potential Culprits

Two anonymous sources told Reuters that they suspect DarkHotel was behind the attack earlier this month. The cyberespionage group has been active since at least 2007 and has been tracked by cybersecurity firms, including Romania’s Bitdefender and Russia’s Kaspersky, to East Asia. Past targets include government employees and business executives in the U.S., China, Japan and North Korea.

“At times like this, any information about cures or tests or vaccines relating to coronavirus would be priceless,” Kaspersky head of global research and analysis Costin Raiu told Reuters. 

While he could not confirm that DarkHotel was behind the attack on the WHO, he said the same malicious web infrastructure has also been deployed against other healthcare and humanitarian groups in the past month.

Michelle Ehrhardt

Michelle Ehrhardt is an editor at Tom's Hardware. She's been following tech since her family got a Gateway running Windows 95, and is now on her third custom-built system. Her work has been published in publications like Paste, The Atlantic, and Kill Screen, just to name a few. She also holds a master's degree in game design from NYU.

  • bit_user
    Just proving there's no limit to the depths to which some people will go.
  • DotNetMaster777
    The good is that attacks were unsuccessful
  • bit_user
    DotNetMaster777 said:
    The good is that attacks were unsuccessful
    Ah, but would you even know about the successful ones?

    In sophisticated attacks, I've heard that hackers even stage some easily-detected attempts as misdirection and to give the target a false sense of security that their defenses are adequate.