Hackers target WHO in phishing attack

A cyberattack that targeted the World Health Organization (WHO) is probably just the tip of the iceberg according to experts reacting to the news this week.

Reuters first broke the news that a hacking group had targeted WHO, which is the UN agency responsible for international public health. It has played a central role in the monitoring and mitigation of the COVID-19 pandemic in recent weeks.

WHO reportedly noticed the hacking attempt in mid-March. It involved an email front end hosted on a phishing domain that tried to lure the agency’s employees into logging handing over their login credentials.

According to Reuters sources, the attack likely came from Darkhotel, a group that according to MITRE has been active since at least 2004. The group, believed to be based in Southeast Asia, got its name by targeting high-value individuals as they travelled around the world by tracking their hotel bookings via compromised hotel web apps.

Experts aren’t surprised that nation-state actors would target WHO. Lance Spitzner, a certified instructor at cybersecurity training company SANS, tried to put the incident in perspective, telling us:

When you read about it, all the bad guy did was set up a phishing website that emulated the World Health Organization’s internal mail server to harvest logins and passwords.

Phishing attacks like this happen early on in the cyber kill chain, and the attackers reportedly failed. However, that doesn’t mean others won’t be more successful, warned Spitzner, who cited WHO as an important target because of the COVID-19 crisis. He said:

Every nation-state out there is going to want to know the latest and greatest on the coronavirus for political reasons, maybe military reasons or economic reasons. So I would be absolutely shocked if there were not about five nation states that are already in its network.

This isn’t the first health organisation that has suffered attacks during the health crisis. Mid-March also saw a DDoS attack on the US Department of Health and Human Services, along with a social media campaign spreading fake news about the health issue.

According to WHO officials talking to Reuters, the number of attempted cyberattacks against the agency has more than doubled recently. Phishing attacks have also targeted the public to distribute viruses and gather passwords. Earlier this month, the agency issued an advisory warning that criminals would try to impersonate it.

Latest Naked Security podcast


Click-and-drag on the soundwaves below to skip to any point in the podcast. You can also listen directly on Soundcloud.