Elite hackers tried to break into the WHO earlier this month, sources said, part of what a senior agency official said was a more than two-fold increase in cyberattacks.
The identity of the hackers was unclear and the effort was unsuccessful, WHO Chief Information Security Officer Flavio Aggio said.
However, he warned that hacking attempts against the agency and its partners have soared as they battle to contain COVID-19, which has killed more than 15,000 worldwide.
The attempted break-in at the WHO was first flagged to Reuters by Alexander Urbelis, a cybersecurity expert and attorney with the New York-based Blackstone Law Group, which tracks suspicious Internet domain registration activity.
Urbelis said that he picked up on the activity around March 13, when a group of hackers he had been following activated a malicious site mimicking the WHO’s internal e-mail system.
“I realized quite quickly that this was a live attack on the World Health Organization in the midst of a pandemic,” he said.
Urbelis said he did not know who was responsible, but two other sources briefed on the matter said they suspected an advanced group of hackers known as DarkHotel, which has been conducting cyberespionage operations since at least 2007.
Messages sent to e-mail addresses maintained by the hackers went unreturned.
Asked by Reuters about the incident, Aggio confirmed that the site spotted by Urbelis had been used in an attempt to steal passwords from multiple agency staffers.
“There has been a big increase in targeting of the WHO and other cybersecurity incidents,” Aggio said in a telephone interview. “There are no hard numbers, but such compromise attempts against us and the use of [WHO] impersonations to target others have more than doubled.”
The WHO published an alert last month warning that hackers are posing as the agency to steal money and sensitive information from the public.
Government officials in the US, Britain and elsewhere have also issued cybersecurity warnings about the dangers of a newly remote workforce as people disperse to their homes to work and study because of the coronavirus pandemic.
The motives in the case identified by Reuters are not clear.
UN agencies, the WHO among them, are regularly targeted by digital espionage campaigns and Aggio said that he did not know who precisely at the organization the hackers had in their sights.
Cybersecurity firms including Romania’s Bitdefender and Moscow-based Kaspersky said that they have traced many of DarkHotel’s operations to East Asia — an area that has been particularly affected by the coronavirus.
Specific targets have included government employees and business executives in places such as China, North Korea, Japan and the US.
Costin Raiu, director of global research and analysis at Kaspersky, could not confirm that DarkHotel was responsible for the WHO attack, but said that the same malicious Web infrastructure had also been used to target other healthcare and humanitarian organizations in the past few weeks.
“At times like this, any information about cures or tests or vaccines relating to coronavirus would be priceless and the priority of any intelligence organization of an affected country,” he said.
Officials and cybersecurity experts have warned that hackers of all stripes are seeking to capitalize on international concern over the spread of the coronavirus.
Urbelis said that he has tracked thousands of coronavirus-themed Web sites being set up daily, many of them obviously malicious.
“It’s still around 2,000 a day,” he said. “I have never seen anything like this.”
EVOLVING SITUATION: Of the latest cases, 23 percent were found to be asymptomatic, but the coronavirus strain in Da Nang is more contagious, authorities said A COVID-19 outbreak that began in the Vietnamese city of Da Nang more than a week ago has spread to at least four city factories with a combined workforce of about 3,700, state media reported yesterday. Four cases were found at the plants in different industrial parks in the central city that collectively employ 77,000 people, the Lao Dong newspaper said. Vietnam, praised widely for its decisive measures to combat the novel coronavirus since it first appeared in late January, is battling new clusters of infection having gone for more than three months without detecting any domestic transmissions. Authorities yesterday reported one new
WARNINGS OVER COMPLACENCY: The curves of new infections in numerous countries is climbing, while others see the the first new infections in months Spikes in COVID-19 infections in Asia have dispelled any notion that the region might be over the worst, with Australia and India yesterday reporting record daily infections, Vietnam fretting over a new surge and North Korea urging vigilance. Asian nations had largely prided themselves on rapidly containing initial outbreaks after the coronavirus emerged in central China late last year, but flare-ups this month have shown the danger of complacency. “We’ve got to be careful not to slip into some idea that there’s some golden immunity that Australia has in relation to this virus,” Australian Prime Minister Scott Morrison told reporters. Australia recorded its
‘COVIDIOTS’: Politicians condemned the protest that came amid surging infections in the country, while a marcher said government-induced fear weakened the body Loudly chanting their opposition to masks and vaccines, thousands of people on Saturday gathered in Berlin to protest against COVID-19 restrictions before being dispersed by police. Police put turnout at about 20,000 — well below the 500,000 organizers had announced as they urged a “day of freedom” from months of virus curbs. Despite Germany’s comparatively low toll, authorities are concerned at a rise in infections over the past few weeks and politicians took to social media to criticize the rally as irresponsible. “We are the second wave,” shouted the crowd, a mixture of hard left and right and conspiracy theorists, as they converged
The Australian government yesterday said that it plans to give Google and Facebook three months to negotiate with media businesses fair pay for news content. In releasing a draft of a mandatory code of conduct, Canberra aims to succeed where other nations have failed in making tech firms pay for news siphoned from commercial media companies. Australian Treasurer Josh Frydenberg said that Google and Facebook would be the first platforms targeted by the proposed legislation, but others could follow. “It’s about a fair go for Australian news media businesses, it’s about ensuring that we have increased competition, increased consumer protection and a sustainable