We should look at when the Associated Press had their Twitter account hacked in 2013 to see the impact social media could have on the stock markets.”Īttackers might also be looking to sow chaos via privileged access to WHO communications. In addition, if attackers were able to take over any of the official social media accounts for the WHO and use them to spread misinformation, we could see impacts to already struggling economies across the globe. These were fairly easy to spot, however, if a legitimate account really was compromised and used to send phishing emails, the impact would be much greater. Erich Kron, Security Awareness Advocate for KnowBe4, offered some insider insight: “Early in the pandemic, we saw attackers sending phishing emails disguised to look like official information from the WHO, which was being used to steal credentials. Inside information that is not available to the public regarding treatment drugs or vaccines in development could be valuable, as well as unfiltered information about the progress of the pandemic in various countries that WHO staff might be privy to. The WHO is not necessarily the first organization one thinks of when the subject of cyber espionage comes up, but criminals and even nation-states might have some compelling reasons for targeting it. The connection is based on the use of malicious websites that were also used by Iranian hackers in attacks on American academics in recent months. Reuters is reporting that a more recent phishing attempt on WHO employees is linked to state-sponsored Iranian hackers. The group is known to run highly targeted spearphishing campaigns against VIP targets and has long experience with these types of attacks.
It is primarily a cybercrime-for-profit group that has previously tended to focus on countries in Asia, and got its name due to a penchant for hacking upscale hotel WiFi networks to steal confidential business information and commit cyber espionage targeting select guests. The group of hackers is thought to be based in South Korea, but it is unclear if it is affiliated with any government agencies. The site appeared to be focused on tricking WHO staff into entering login credentials, and similar infrastructure has been used recently in attacks on health care organizations.ĭarkHotel is an advanced persistent threat (APT) group that has been active since 2007.
Urbelis “realized quite quickly” that the group was actively targeting the WHO.
Cybersecurity expert Alexander Urbelis of Blackstone Law Group caught wind of the cyber espionage attempt early, believing it to be the work of a group called DarkHotel that he regularly monitors.
0 kommentar(er)
