WHO Chief Information Security Officer Flavio Aggio said the identity of the hacking group isn’t known, and cyberattacks against the organization have increased exponentially during the coronavirus crisis.
The hack was discovered by Alexander Urbelis, a cybersecurity expert and lawyer who looks for suspicious internet activity. He said he discovered the activity on March 13, when hackers introduced a fake, malicious site that pretended to be the WHO’s email system.
“I realized quite quickly that this was a live attack on the World Health Organization in the midst of a pandemic,” he said.
While Urbelis said he didn’t know exactly who was responsible, other sources said they suspected hacking group DarkHotel, a group that has been around since 2007.
Aggio said the attack was an attempt to steal passwords from WHO workers.
“There has been a big increase in targeting of the WHO and other cybersecurity incidents,” Aggio said. “There are no hard numbers, but such compromise attempts against us and the use of [WHO] impersonations to target others have more than doubled.”
Last month, the WHO said it was being imitated by hackers to steal money and information.
“Criminals are disguising themselves as WHO to steal money or sensitive information,” the WHO said in a press release. “If you are contacted by a person or organization that appears to be from WHO, verify their authenticity before responding.”
Aggio said he didn’t know why the organization was attacked, but that it’s a regular target for hackers looking to steal information and take advantage of a difficult situation.
Other organizations have also been targeted during the coronavirus pandemic. AP-HP, the Paris hospital authority, was targeted this week when hackers tried to overwhelm the agency’s computers. The attack was unsuccessful.
The U.S. Health and Human Services Department also was recently attacked in a hack that seemed to try to hurt its ability to respond to the crisis.
Australia’s main internet site, one that provides information about the virus, was also recently attacked.