According to sources, Elite hackers tried to hack into the World Health Organization earlier this month in what is a more than two-fold increase in cyberattacks this month.
According to Flavio Aggio, WHO’s Chief Information Security Officer, the hack was unsuccessful. He warned that the agency is seeing an increase in hacking attacks on itself and its partners as it battles the Wuhan coronavirus which has so far killed more than 15,000 globally.
The attempted hacking incident at the WHO was first flagged by Alexander Urbelis, a cybersecurity expert and an attorney with the Blackstone Law Group.
Urbelis stated, he picked up on the suspicious activity around March 13, when a group of hackers he’d been following activated a malicious site mimicking the WHO’s internal email system.
“I realized quite quickly that this was a live attack on the World Health Organization in the midst of a pandemic,” said Urbelis.
Although Urbelis said, it was too early to say who was responsible for this unsuccessfully hacking attempt, two sources briefed on the matter disclosed, they suspect it was the work of an advanced group of hackers known as DarkHotel.
The WHO’s Aggio has also confirmed that the site spotted by Urbelis had been used in an attempt to steal passwords from multiple agency staffers.
“There has been a big increase in targeting of the WHO and other cybersecurity incidents,” said Aggio while adding, “There are no hard numbers, but such compromise attempts against us and the use of (WHO) impersonations to target others have more than doubled.”
In an alert last month, the WHO said, hackers are posing as the agency to steal money and sensitive information from the public.
Government officials, including those in the United States, Britain and others have warned of cybersecurity risks of working remotely from home as a result of the Wuhan coronavirus.
Cybersecurity firms including Romania’s Bitdefender and Russia’s Kaspersky Labs have said, many of DarkHotel’s operations have been traced to East Asia.
While Costin Raiu, Kaspersky’s head of global research and analysis said, he could not confirm that DarkHotel was responsible for the WHO hacking attempt he however noted that the same malicious web infrastructure had also been used to target other healthcare and humanitarian organizations in recent weeks.
“At times like this, any information about cures or tests or vaccines relating to coronavirus would be priceless and the priority of any intelligence organization of an affected country,” said Raiu.
Urbelis also mentioned, he has tracked thousands of coronavirus-themed web sites that are cropping up daily with many of them being obviously malicious.
“It’s still around 2,000 a day,” he said. “I have never seen anything like this.”