Hackers attempt to breach WHO’s infrastructure mimicking their internal email system

COVID-19 pandemic has infected more than 350,000 people around the world and the fatalities have sky rocketed to 15,000 when this article is being composed. Healthcare organizations are working round the clock to assist the infected people and are in tremendous psychological stress. Nevertheless, the hackers aren’t slowing down even during this pandemic.

A group of elite hackers have targeted the World Health Organization (WHO) in an attempt to breach their infrastructure by mimicking their internal email system. Any possible credential theft could have given them the privilege to break into WHO’s communication, documents and pandemic related information. 

Flavio Aggio, the Chief Information Security Officer of WHO said that the identity of hackers isn’t known yet but their attempt to breach in resulted in failure. Alexander Urbelis, a cybersecurity expert and attorney with a New York based law group first reported the news to Reuters, after he picked up the malicious activity on March 13th. He identified the attack as soon as he spotted a malicious site mimicking the WHO’s infrastructure. However, based on the information from other sources, a hacker group called DarkHotel is suspected to be behind this attempt. 

Aggio also did mention that, WHO is used to cyberattacks even during non-critical times, and attacks during pandemic is immoral but not so surprising for them. DarkHotel has been involved in a substantial amount of cyber-espionage campaigns since 2007. With people working remotely, coronavirus themed cyberattacks are expected to exponentiate for next few weeks.

Hackers motives to launch these attacks

Hackers are usually after monetary benefits or causing chaos to businesses but any breach attempts into organization like WHO means they are looking for confidential information, which could be about the treatment procedures, states of vaccine research and more. At this point of time, any valuable information regarding the vaccine could give a breathing space for countries that are suffering from this pandemic.

Security organizations like Kaspersky and bit-defender have already tracked the actions of DarkHotel group in East Asian countries like North Korea, China and Japan. Considering DarkHotel has orchestrated similar attacks on healthcare organizations in these countries, Kaspersky suspects they could be behind the WHO attack as well. Urbelius has also mentioned that there are plenty of coronavirus themed websites that are being created and registered, however most of them are malicious in nature trying to fool the visitors and thus one way or other getting benefited through by their presence.

Yesterday, there was a coverage on Netwalker ransomware from our site, which again clouts on corona virus pandemic. Cyberattacks themed around COVID-19 will shoot up in upcoming weeks as more countries are going into lock down and working from home. Insure your employees by preaching them the right cybersecurity measures to keep themselves safe against potential hack attempts.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, Instagram, Twitter and Reddit.