Hackers Tried To Break Into WHO, Are They Trying To Stop Us From Fighting COVID-19?

Dhir Acharya - Mar 24, 2020

As the battle against COVID-19 is getting rough around the world, a group of hackers decided to break into WHO, again. Their motives remain unclear.

Elite hackers attempted to break into WHO earlier this month as part of somewhat an over two-fold increase in cyberattacks, Reuters reported.

The Chief Information Security at WHO, Flavio Aggio, said that the hacker’s identities were unclear but they didn’t succeed in this attack. However, he warned that as the organization is battling COVID-19, there is also an increase in the hacking attempts towards the agency as well as its partners.

The latest attempt to break into WHO was first informed to Reuters by cybersecurity expert Alexander Urbelis. He’s also an attorney with the Blackstone Law Group that tracks internet domain registration activities that are suspicious.

The cybersecurity expert said that he noticed the activity sometime around March 13 when he spotted a hacker group he had been following to activate a malicious website that mimics the internal email system of WHO. He quickly realized that was a live attack on the organization amid a global epidemic.

While Uberlis did not know who’s behind the attack, there are two sources mentioning a suspected advanced hacker group called DarkHotel that has been in cyber-espionage operations since 2007.

The messages sent to email addresses held by the hackers were never returned.

The attempts aimed at WHO and others have more than doubled

Aggio confirmed that the site noticed by Urbelis had been used to steal passwords from staffers at the agency. In an interview, he said that there’re no had numbers on the attacks but the attempts aimed at WHO and others have more than doubled.

The motives for these attacks remain unclear but several UN agencies, including WHO, are often targeted by digital hackers. Meanwhile, cybersecurity companies like Kaspersky and Bitdefender said that they have traced a lot of DarkHotel’s operations leading to East Asia, which is heavily influenced by COVID-19. The group’s targets included business executives and government employees in Japan, North Korea, China, and the US.

According to Kaspersky analyst and head of global research Costin Raiu, it’s not certain that this group is behind the WHO attack, but the same website has been spotted targetting other humanitarian and healthcare organizations over the recent weeks.

Uberlis added that he has done some tracking on thousands of coronavirus-themed sites that are set up every day, many of which are obviously malicious. “It's still around 2,000 a day. I have never seen anything like this,” he said.