Hackers Target WHO, Other Health Organizations Fighting COVID-19

The World Health Organization was the target of an unsuccessful cyberattack earlier this month, with hackers trying to steal passwords from agency staffers. Officials say attack attempts have more than doubled in recent weeks.

by / March 27, 2020
Shutterstock/Michael Passet

Hackers have apparently been trying to breach the firewalls of the World Health Organization (WHO), which was the target of an unsuccessful cyberattack earlier this month, according to Reuters

In what appears to be a trend of attacks on health organizations fighting the novel coronavirus (COVID-19) pandemic, an unidentified "elite team" of hackers apparently used a fake site that "mimicked WHO's internal email system" in an attempt to steal passwords from agency staffers. This revelation follows shortly on the heels of a largely unsuccessful attack against the U.S. Health and Human Services (HSS) agency. 

WHO, which is an agency of the United Nations, has been at the forefront of education and outreach regarding the global health crisis. 

It is suspected that the group responsible for the attempt is one called Darkhotel, which is believed to originate out of South Korea and is known mostly for its targeting of business executives in Asia and Russia, according to Kaspersky Labs.  

While some hacking groups have claimed they will abstain from attacking health organizations during the COVID-19 outbreak, WHO CISO Flavior Aggio said that his organization has seen a "twofold" increase in attempted cyberattacks since they've been fighting the virus. 

“There has been a big increase in targeting of the WHO and other cybersecurity incidents,” Aggio said, speaking with Reuters. “There are no hard numbers, but such compromise attempts against us and the use of (WHO) impersonations to target others have more than doubled.”

Hackers have also used the WHO's authority as a renowned health organization in their schemes, crafting lures and fake, malware-laden websites to take advantage of people looking for credible information about the spread of the virus. 

The organization put out a release last month warning online visitors of criminals "pretending to be WHO." 

Platforms & Programs