A group of elite hackers might have been behind a recent attack against the World Health Organization (WHO), as Reuters reported. Flavio Aggio, Chief Information Security Officer of the WHO, has noted that the cyberattacks against the organization have increased two-fold since the global outbreak of the COVID-19 disease.
One break-in attempt was spotted by Alexander Urbelis, an attorney and cybersecurity expert working at the New York-based Blackstone Law Group, which is involved in monitoring suspicious internet domain registration activity. Urbelis first noticed the incident on March 13, when the attackers set up a bogus email login portal for WHO staff that mimicked the organization's internal email system.
''I realized quite quickly that this was a live attack on the World Health Organization in the midst of a pandemic,'' Urbelis told Reuters.
It's yet unclear who exactly is behind the attack, cybersecurity experts involved in the matter suspect that it's the work of DarkHotel, an advanced group of hackers that has been conducting cyber-espionage operations since at least 2007. Security researchers found that the same malicious web infrastructure that was used in the attack against WHO was also recently used against other humanitarian and healthcare organizations.
The WHO's Flavio Aggio has confirmed the attempted break-in that aimed at stealing passwords from several agency staffers but said that it has been unsuccessful. He also noted in a phone interview for Reuters that: ''There has been a big increase in targeting of the WHO and other cybersecurity incidents,'' adding ''There are no hard numbers, but such compromise attempts against us and the use of (WHO) impersonations to target others have more than doubled.''
The WHO already published an alert last month, warning that cybercriminals are posing as the agency in order to steal money and valuable data from a society that is relying on the Internet more than ever. Government officials in the U.S. and the U.K. have also issued cybersecurity warnings as more and more people begin to work and study from their homes amid the COVID-19 pandemic.
Security analysts have noted that DarkHotel's activities can be traced as originating from East Asia. The group has been previously seen targeting business executives and government employees in countries such as the United States, North Korea, China, and Japan, suggesting that it might be backed by a nation-state. Experts have speculated that it may have ties to South Korea.