Hackers working in the interests of the Iranian government have tried to break into the personal email accounts of World Health Organisation staff during the coronavirus outbreak, sources say.
It is not clear if any accounts were compromised, but the attacks show how the WHO and other organisations have come under a sustained campaign by hackers seeking information about the outbreak.
Hacking attempts against the UN health agency and its partners had more than doubled since the start of the coronavirus crisis, which has now killed more than 51,000 worldwide.
The latest effort has been continuing since March 2.
Hackers tried to steal passwords from WHO staff by sending malicious messages designed to mimic Google web services to their personal email accounts, the sources said.
It is a common hacking technique known as "phishing".
"We’ve seen some targeting by what looks like Iranian government-backed attackers targeting international health organisations generally via phishing," said a source from a large technology company that monitors malicious cyber activity.
-
Members of Iranian Red Crescent test people with possible coronavirus Covid-19 symptoms, as police blocked Tehran to Alborz highway to check every car following ordered by the Iranian government, outside Tehran. AFP -
General view of a deserted street, during the intercity ban, amid fear of coronavirus disease (COVID-19), in Tehran, Iran. REUTERS -
A member of the Iranian Army works at a temporary hospital in Tehran, Iran. AP Photo -
Iranian army soldiers work in a temporary 2,000-bed hospital for COVID-19 coronavirus patients set up by the army at the international exhibition center in northern Tehran, Iran. AP Photo -
People in protective clothing work in a temporary 2,000-bed hospital for COVID-19 coronavirus patients set up by the Iranian army at the international exhibition center in northern Tehran, Iran. AP Photo -
Firefighters disinfect a square against the new coronavirus as a man takes film, in western Tehran, Iran. AP Photo -
People in protective clothing walk past rows of beds at a temporary 2,000-bed hospital for COVID-19 coronavirus patients set up by the Iranian army at the international exhibition center in northern Tehran, Iran. AP Photo -
A police vehicle disinfects streets against the coronavirus, in Tehran, Iran. AP Photo -
A statue wearing a protective face mask is pictured, amid fear of coronavirus disease (COVID-19), in Azadi square, in Tehran, Iran. REUTERS -
A man wearing a protective face mask and gloves, amid fear of coronavirus disease (COVID-19), jumps rope at Valiasr street in Tehran, Iran. REUTERS -
A traffic police officer wears a protective face mask and gloves, amid fear of coronavirus disease (COVID-19), as he walks in Tehran, Iran. REUTERS -
A member of Iranian red crescents test passengers of a bus for possible coronavirus Covid-19 symptoms, as police blocked Tehran to Alborz highway to check every car following ordered by Iranian government, outside of Tehran. EPA -
Members of Iranian Red Crescent get themselves disinfected after testing people for possible coronavirus Covid-19 symptoms, outside of Tehran. EPA
WHO spokesman Tarik Jasarevic confirmed that personal email accounts of staff were targeted by phishing attacks, but said the agency did not know who was responsible.
"To the best of our knowledge, none of these hacking attempts were successful," Mr Jasarevic said.
Iran’s government denied any involvement.
“These are all sheer lies to put more pressure on Iran,” said a spokesman at Iran’s Ministry of Information Technology. “Iran has been a victim of hacking.”
Karim Hijazi, chief executive of cyber intelligence company Prevailion, said his recently captured data showed a sophisticated hacking group was targeting the WHO.
Mr Hijazi said the identity of the hackers was difficult to determine, although their techniques appeared to be advanced.
The intrusion attempts are different from others reported by Reuters last week, which sources said were thought to be the work of an advanced group of hackers known as DarkHotel, who have previously been active in East Asia, which has been particularly affected by the coronavirus.
The motives of the hackers was not clear, but targeting officials' personal accounts is a longstanding intelligence-gathering technique.
Other details in this phishing attempt point to links with Tehran.
The same malicious websites used in the WHO break-in attempts were used around the same time to target American academics with ties to Iran.
The related activity, in which the hackers impersonated a well-known researcher, parallels earlier cases where alleged Iranian hackers masqueraded as media figures from organisations such as CNN or The New York Times to trick their targets.
Iran has had enormous loss of life from the coronavirus, and infections have reached the inner circle of the country’s leadership.
A US intelligence source said he was aware of the Iranian campaign and that such attacks were customary during times of international crisis.
Coronavirus response plans for various countries or word of effective treatments would be valuable to intelligence agencies.
But more benign data, such as WHO estimates for infection rates, would also be of use, the source said.
