Categories: News

New espionage attempts target WHO, trying to steal data

New espionage attempts target WHO (The World Health Organization) in order to steal information about the possible cures, tests or vaccines for COVID-19.

As the worldwide COVID-19 pandemic continues, the number of attacks doubled, according to officials. Most recently, the DarkHotel APT group has tried to infiltrate WHO’s networks to steal information.

Cybersecurity researchers observed on March 13 a malicious site that mimicked the WHO’s internal email system. Thus, the attackers tried to steal passwords from multiple agency staffers. Alexander Urbelis, cybersecurity researcher at Blackstone Law Group, said he realized “quite quickly that this was a live attack on the World Health Organization in the midst of a pandemic.”

So, according to Costin Raiu, Kaspersky researcher, mentioned that the information about remediation for coronavirus is invaluable for any intelligence agency.

Some researchers consider that the DarkHotel, an andvanced persistent threat (APT) group associated with cyberespionage in China, North Korea, Japan and US, might be behind this attack.

DarkHotel was firstly identified in 2014 by Karspesky researchers. At that time, they mentioned that the group had been active since at least 2007. The APT became known for targeting diplomats and corporate executives via Wi-Fi networks at luxury hotels. Then, it has widened its targeting, while continuing to leverage zero-day vulnerabilities and exploits. Only two days ago, Nikolay Pankov, from Kaspersky, mentioned in an article that “Health-care facilities are struggling with the current coronavirus epidemic”. So, there is no surprise that espionage attempts target WHO. The solution Pankiv came with was that to help these facilities with cyberprotection. So, Kaspersky decided to offer free six-month licenses for these.

Fears fuel the cybercriminals

Meanwhile, cybercriminals are tapping into the fears around coronavirus. They launch many cyberattacks using COVID-19 as a lure or theme. Flavio Aggio, WHO Chief Information Security Officer (CISO), told Reuters: “There has been a big increase in targeting of the WHO and other cybersecurity incidents… such compromise attempts against us and the use of (WHO) impersonations to target others have more than doubled.” The WHO also published an alert warning against these attempts.

On Tuesday, CrowdStrike mentioned a scam impersonating WHO that requested Bitcoin donations to the COVID-19 Solidarity Response Fund. Firstly, the attackers copied one of the messages directly from the official website of the fund. Also, the scam emails spoofed WHO email addresses (e.g., using <donate@who.int>) but came from other domains than WHO’s.

Still, these attacks are not a surprise, as people are turning to the official WHO website for advice and guidance. Also, many other malicious emails using coronavirus as a theme are spreading phishing and malware. Other attacks include malicious websites and apps that pretend to share coronavirus related information. In fact, they access victim’s devices. At the same time, some fraudulent websites pretend to sell coronavirus cures.

But, cybercriminals try to target the fear and uncertainty of the users. They work to make their messaging very tempting. So, users should be very vigilant and seek for information from official sources and their websites. In order to get rid of the possibly fake ads, you can use Ad Guardian Plus, for free.

Laurentiu Titei

Laurentiu, a creative content writer, has been producing articles about technology for more than 10 years. He is interested in all the security and internet news and his mainstream media background helps make them readable for all kinds of users. Moreover, he grows the appropriate social media channels for websites.

Recent Posts

Digital Advertising practices, under the pressure of fines

Its digital advertising practices continue to bring troubles for Google. Two separate cases will go to court in the UK…

2 years ago

Advertising discrimination, addressed by huge companies

WPP, Delta Airlines, Kellogg and Mindshare take the issue of advertising discrimination seriously, in order to combat bias in digital…

2 years ago

Ad fraud might hit $100B, advertising companies worry

Ad fraud has become a very big issue for both users and the advertising agencies. Different forms of it might…

3 years ago

The ad-based business model: Would Facebook change it?

The Facebook lead architect of the ad-based business model leaves the company. Let's see how her move could affect company's…

3 years ago

Here it comes: New Meta privacy policy. Does it matter?

A new Meta privacy policy comes soon for the company's platforms. Users would be notified of the updates about how…

3 years ago

Advertising company: ”Our customers don’t like ads”

As its “customers don't like ads,” Evite, an American online party planner, decided to just close its advertising business, while…

3 years ago