#Privacy: Hackers target WHO

Earlier this month an elite band of hackers attempted to hack into the World Health Organisation (WHO).

Around March 13, Alexander Urbelis, a cybersecurity expert and attorney with the Blackstone Law Group, picked up suspicious internet domain registration activity after a group of hackers, he’d been following, activated a malicious site imitating the WHO’s internal email system.

“I realized quite quickly that this was a live attack on the World Health Organization in the midst of a pandemic,” he told Reuters

It is not known who is behind the attack, however it is suspected to be an elite group of hackers known as DarkHotel. The group has been carrying out cyber-espionage operations since at least 2007. 

WHO Chief Information Security Officer Flavio Aggio confirmed that the malicious site Urbelis detected was being used in an attempt to steal passwords for agency staff.

“There has been a big increase in targeting of the WHO and other cybersecurity incidents,” Aggio told Reuters. “There are no hard numbers, but such compromise attempts against us and the use of (WHO) impersonations to target others have more than doubled.”

It is unclear as to why in this particular case WHO was targeted, however Costin Raiu, head of global research and analysis at Kaspersky said the same malicious web infrastructure had been utilised to target other humanitarian and healthcare organisations over the recent weeks 

“At times like this, any information about cures or tests or vaccines relating to coronavirus would be priceless and the priority of any intelligence organization of an affected country,” he said.

Just last month, WHO issued a warning regarding attackers impersonating the organisation in order to steal money or the personal information or recipients. 


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/