Phishing, Content

Iranian Hackers Suspected in WHO Spear-phishing Campaign

Iran-backed nation-state hackers recently tried to hijack the personal email accounts of a number of World Health Organization (WHO) staffers, reports said.

It’s not clear what the hackers were after other than targeting top executives in a spear phishing expedition, Reuters reported. A WHO spokesperson confirmed the attempting infiltration but did not identify the attackers behind the incidents. At this point, officials don’t yet know if any of the email accounts have been compromised. “To the best of our knowledge, none of these hacking attempts were successful,” the spokesperson said.

The cyber attacks have apparently been ongoing since March 2, Reuters said. The con artists disguised their emails as coming from Google web services to lure unsuspecting victims into keying in their email passwords. “We’ve seen some targeting by what looks like Iranian government-backed attackers targeting international health organizations generally via phishing,” said one of Reuters’ four sources, whose company monitors internet traffic for malicious cyber activity.

In response, a spokesperson for Iran’s information ministry, referencing U.S. economic sanctions, said that claims of an attack were ““sheer lies to put more pressure on Iran.”

This is the second WHO-related cyber attack in recent weeks. A hacking crew, perhaps the notorious DarkHotel, has repeatedly tried to break in the WHO network, Reuters previously reported. A significant number of malicious sites posing as the WHO’s internal mail system have been found but to this point, the crew’s attempts have not succeeded. Still, whoever is behind that cyber campaign has been trying to lift the passwords of a number of agency personnel.

WHO officials recently posted an alert that hackers are impersonating the agency with stealing money and confidential information as their intentions. “Criminals are disguising themselves as WHO to steal money or sensitive information,” the WHO’s bulletin said. “There has been a big increase in targeting of the WHO and other cybersecurity incidents,” he said.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.