A group of hackers created a malicious website posing as an email login portal for World Health Organization employees in an attempt to steal passwords. The attack was unsuccessful, according to WHO chief information security officer Flavio Aggio.
It’s suspected that an “advanced” group of hackers called DarkHotel is behind the attack. Cyber attacks against WHO have risen dramatically during the coronavirus pandemic.
Elite hackers tried to break into the World Health Organization earlier this month. WHO Chief Information Security Officer Flavio Aggio said the identity of the hackers was unclear, but the effort was unsuccessful.
The attempted break-in at the WHO was first flagged to Reuters by Alexander Urbelis, a cybersecurity expert and attorney with the New York-based Blackstone Law Group, which tracks suspicious internet domain registration activity.
Urbelis said he picked up on the activity around March 13, when a group of hackers he’d been following activated a malicious site mimicking the WHO’s internal email system.
“I realized quite quickly that this was a live attack on the World Health Organization in the midst of a pandemic,” he said.
Urbelis said he didn’t know who was responsible, but two other sources briefed on the matter said they suspected an advanced group of hackers known as DarkHotel, which has been conducting cyber-espionage operations since at least 2007.
When asked by Reuters about the incident, the WHO’s Aggio confirmed that the site spotted by Urbelis had been used in an attempt to steal passwords from multiple agency staffers.
“There has been a big increase in the targeting of the WHO and other cybersecurity incidents,” Aggio said in a telephone interview. “There are no hard numbers, but such compromise attempts against us and the use of (WHO) impersonations to target others have more than doubled.”