steampunk heart

WHO targeted in major COVID-19 data-hacking campaign believed tied to Iran

A new report by Reuters alleges a major attempted hack of the World Health Organization (WHO) during the worldwide coronavirus pandemic linked to Iranian state entities.

WHO officials described “a sustained digital bombardment” by hackers described as seeking internal information on the deadly coronavirus, further said to be “more than doubled” compared to prior hacking attempts of the United Nations health agency.

Iran has vehemently denied that it or any of its intelligence arms were behind the computer network attacks, with the Islamic Republic’s information technology ministry dismissing the reports as “sheer lies to put more pressure on Iran.” Instead, the ministry said, “Iran has been a victim of hacking.”

Iran’s leaders have of late lashed out at the US and Western humanitarian organizations for sanctions, which have exacerbated the intensity of the deadly outbreak inside Iran.

Reuters cited an unnamed source only described as working for a large technology company which monitors global cyber-threats as alleging, “We’ve seen some targeting by what looks like Iranian government-backed attackers targeting international health organizations generally via phishing.”

Specifically the report describes the hackers’ methods as follows:

The latest effort has been ongoing since March 2 and attempted to steal passwords from WHO staff by sending malicious messages designed to mimic Google web services to their personal email accounts, a common hacking technique known as “phishing,” according to four people briefed on the attacks. Reuters confirmed their findings by reviewing a string of malicious websites and other forensic data.

Western intelligence sources interviewed further pointed to an Iranian pattern of intensifying cyber-attacks against European and American institutions and targets during times of major international crisis.

Over the past year there’ve been multiple instances of hackers infiltrating US federal websites and displaying pro-Iranian messages on them, especially becoming more intense following the Jan.3 assassination of the IRGC’s Gen. Soleimani.

Reuters referenced the pattern as follows: “Other details in this phishing attempt point to links with Tehran. For example, Reuters found that the same malicious websites used in the WHO break-in attempts were deployed around the same time to target American academics with ties to Iran,” according to the report.

“The related activity – which saw the hackers impersonate a well-known researcher – parallels cases Reuters previously documented where alleged Iranian hackers masqueraded as media figures from organizations such as CNN or The New York Times to trick their targets,” it said.

Since last summer when tensions began soaring between Tehran and Washington, eventually nearly leading to war and tit-for-tat military strikes in January of this year, cyber operations between the US and Iran have reportedly ramped up dramatically, with both sides considering the covert digital intrusions of each others’ classified data an ‘act of war’.