Elite hackers tried to break into the WHO earlier this month, sources said, part of what a senior agency official said was a more than two-fold increase in cyberattacks.
The identity of the hackers was unclear and the effort was unsuccessful, WHO Chief Information Security Officer Flavio Aggio said.
However, he warned that hacking attempts against the agency and its partners have soared as they battle to contain COVID-19, which has killed more than 15,000 worldwide.
The attempted break-in at the WHO was first flagged to Reuters by Alexander Urbelis, a cybersecurity expert and attorney with the New York-based Blackstone Law Group, which tracks suspicious Internet domain registration activity.
Urbelis said that he picked up on the activity around March 13, when a group of hackers he had been following activated a malicious site mimicking the WHO’s internal e-mail system.
“I realized quite quickly that this was a live attack on the World Health Organization in the midst of a pandemic,” he said.
Urbelis said he did not know who was responsible, but two other sources briefed on the matter said they suspected an advanced group of hackers known as DarkHotel, which has been conducting cyberespionage operations since at least 2007.
Messages sent to e-mail addresses maintained by the hackers went unreturned.
Asked by Reuters about the incident, Aggio confirmed that the site spotted by Urbelis had been used in an attempt to steal passwords from multiple agency staffers.
“There has been a big increase in targeting of the WHO and other cybersecurity incidents,” Aggio said in a telephone interview. “There are no hard numbers, but such compromise attempts against us and the use of [WHO] impersonations to target others have more than doubled.”
The WHO published an alert last month warning that hackers are posing as the agency to steal money and sensitive information from the public.
Government officials in the US, Britain and elsewhere have also issued cybersecurity warnings about the dangers of a newly remote workforce as people disperse to their homes to work and study because of the coronavirus pandemic.
The motives in the case identified by Reuters are not clear.
UN agencies, the WHO among them, are regularly targeted by digital espionage campaigns and Aggio said that he did not know who precisely at the organization the hackers had in their sights.
Cybersecurity firms including Romania’s Bitdefender and Moscow-based Kaspersky said that they have traced many of DarkHotel’s operations to East Asia — an area that has been particularly affected by the coronavirus.
Specific targets have included government employees and business executives in places such as China, North Korea, Japan and the US.
Costin Raiu, director of global research and analysis at Kaspersky, could not confirm that DarkHotel was responsible for the WHO attack, but said that the same malicious Web infrastructure had also been used to target other healthcare and humanitarian organizations in the past few weeks.
“At times like this, any information about cures or tests or vaccines relating to coronavirus would be priceless and the priority of any intelligence organization of an affected country,” he said.
Officials and cybersecurity experts have warned that hackers of all stripes are seeking to capitalize on international concern over the spread of the coronavirus.
Urbelis said that he has tracked thousands of coronavirus-themed Web sites being set up daily, many of them obviously malicious.
“It’s still around 2,000 a day,” he said. “I have never seen anything like this.”
CONFRONTATION: The water cannon attack was the second this month on the Philippine supply boat ‘Unaizah May 4,’ after an incident on March 5 The China Coast Guard yesterday morning blocked a Philippine supply vessel and damaged it with water cannons near a reef off the Southeast Asian country, the Philippines said. The Philippine military released video of what it said was a nearly hour-long attack off the Second Thomas Shoal (Renai Shoal, 仁愛暗沙) in the contested South China Sea, where Chinese ships have unleashed water cannons and collided with Philippine vessels in similar standoffs in the past few months. The China Coast Guard and other vessels “once again harassed, blocked, deployed water cannons, and executed dangerous maneuvers” against a routine rotation and resupply mission to
GLOBAL COMBAT AIR PROGRAM: The potential purchasers would be limited to the 15 nations with which Tokyo has signed defense partnership and equipment transfer deals Japan’s Cabinet yesterday approved a plan to sell future next-generation fighter jets that it is developing with the UK and Italy to other nations, in the latest move away from the country’s post-World War II pacifist principles. The contentious decision to allow international arms sales is expected to help secure Japan’s role in the joint fighter jet project, and is part of a move to build up the Japanese arms industry and bolster its role in global security. The Cabinet also endorsed a revision to Japan’s arms equipment and technology transfer guidelines to allow coproduced lethal weapons to be sold to nations
Thousands of devotees, some in a state of trance, gathered at a Buddhist temple on the outskirts of Bangkok renowned for sacred tattoos known as Sak Yant, paying their respects to a revered monk who mastered the practice and seeking purification. The gathering at Wat Bang Phra Buddhist temple is part of a Thai Wai Khru ritual in which devotees pay homage to Luang Phor Pern, the temple’s formal abbot, who died in 2002. He had a reputation for refining and popularizing the temple’s Sak Yant tattoo style. The idea that tattoos confer magical powers has existed in many parts of Asia
ON ALERT: A Russian cruise missile crossed into Polish airspace for about 40 seconds, the Polish military said, adding that it is constantly monitoring the war to protect its airspace Ukraine’s capital, Kyiv, and the western region of Lviv early yesterday came under a “massive” Russian air attack, officials said, while a Russian cruise missile breached Polish airspace, the Polish military said. Russia and Ukraine have been engaged in a series of deadly aerial attacks, with yesterday’s strikes coming a day after the Russian military said it had seized the Ukrainian village of Ivanivske, west of Bakhmut. A militant attack on a Moscow concert hall on Friday that killed at least 133 people also became a new flash point between the two archrivals. “Explosions in the capital. Air defense is working. Do not