Since April this year hackers have been attempting to compromise the World Health Organization via coronavirus-themed emails ostensibly sent from news organizations and researchers, Bloomberg News reports.
According to people with knowledge of the matter, the attacks started on April 3 and involved seemingly benign emails that contained malicious links. It is believed that “the hacking effort was an attempt to steal passwords and possibly install malware on WHO computers.”
Two of the messages, Bloomberg said, were disguised as coronavirus newsletters from the British Broadcasting Corporation, while the third message was designed to look like an interview request from the American Foreign Policy Council, a conservative think tank based in Washington. The emails contained a shortened Google link, which directed users to a malicious domain.
According to Ohad Zaidenberg, lead cyber intelligence researcher at ClearSky Cyber Security, the messages may have been sent by a group of state-sponsored Iranian hackers known as “Charming Kitten,” which has been active since 2014 and previously targeted Iranian dissidents, academics, journalists and human rights activists.
This conclusion was based on the domains featured in the emails, including mobiles.identifier-services-session.site, sgnldp.live, and a link shortening service, bitli.pro, all of which have been used in previous attacks by Charming Kitten.
In early April, Charming Kitten began a new malicious campaign, sending emails about fake coronavirus research to researchers, journalists, and government officials, Zaidenberg said.
Flavio Aggio, the WHO’s chief information security officer, confirmed that the organization had been subjected to “very clever attacks,” although attempted intrusions against the WHO had so far been unsuccessful.
“We are dealing with an information war and a cyberwar at the same time,” he said.