Iranian hackers target email accounts of WHO staff with spear-phishing messages amid coronavirus pandemic
The attacks began on 2nd March and are continuing
Hackers suspected to have ties with Iranian government are currently trying to break into personal email accounts of the World Health Organisation (WHO) employees in an effort to steal valuable information about the Covid-10 outbreak.
That's according to Reuters, which says in a report that these attacks have been on-going since 2nd March, although it is not yet clear if the attackers were able to compromise any account.
The attackers have been sending multiple spear-phishing emails to WHO employees, which appear to be coming from the email accounts of Google web services. The purpose of these emails is to trick users into revealing their account passwords by clicking malicious links.
WHO spokesman Tarik Jasarevic confirmed the on-going cyberattacks.
"To the best of our knowledge, none of these hacking attempts were successful," he said.
A cybersecurity expert working for a big tech firm told Reuters that they had also observed targeted attacks against various international health organisations in recent days, which appear to be the work of Iranian government-backed attackers.
Reuters said its recent investigation indicated that the malicious websites used in the new cyber attacks against WHO were deployed around the same time that American academics with ties to Iran were also targeted.
A spokesperson for Iran's information technology ministry described the new accusations as "sheer lies to put more pressure on Iran". The spokesperson said that Iran was itself facing cyber attacks from other countries.
The incident comes less than two weeks after it emerged that WHO was unsuccessfully targeted by an advanced group of hackers.
While the identity of that hacking group could not be ascertained, some security experts believed that it could be the handiwork of "DarkHotel" - a threat group that has been active since 2007 and has previously targeted several business entities and government agencies in the US, Japan, China, and other countries.
Flavio Aggio, the Chief Information Security Officer (CISO) of WHO, said the agency had seen two-fold increase in attempted cyber attacks against it since the start of the coronavirus pandemic.
The US Health and Human Services (HHS) Department reported last month that it was hit by a cyber attack that seemed to be focused on hurting its ability to respond to coronavirus crisis.
The hackers did not attempt to steal any data, but instead tried to overload HHS' systems with traffic through a distributed denial of service (DDoS) attack.