In brief
- 25,000 emails and passwords allegedly belonging to the World Health Organization and other institutions have been leaked.
- The WHO also reported that hackers have targeted its senior officials recently.
- According to cybersecurity firm Cyble, the leaked credentials date as far back as 2013.
Over 25,000 email addresses and passwords allegedly belonging to employees of the Gates Foundation, the World Health Organization (WHO) and other health institutes were recently leaked by anonymous activists, according to American non-governmental organization SITE Intelligence Group.
Simultaneously, the WHO reported an increase in hacking activity aimed at its officials since mid-March. Bernardo Mariano, the organization’s chief information officer, told Bloomberg yesterday that top officials are being targeted as they prepare a response to the coronavirus pandemic.
“WHO itself hasn’t been hacked, but employee passwords have leaked through other websites,” Mariano noted.
Additionally, over 2,000 passwords—that were allegedly linked to the WHO email accounts—also reportedly began circulating on anonymous message board 4chan on Monday. Most likely, this was just a part of the full list leaked previously.
Senior WHO officials targeted by hackers
According to Mariano, Tedros Adhanom Ghebreyesus, Director-General at the WHO, and Bruce Aylward, a senior envoy who led a COVID-19 response team in China, are among the officials that were targeted.
Furthermore, the organization also detected a “sustained attempt” to gain access to computers of its staff members in South Korea and at the WHO headquarters in Geneva.
WHO, IBM, Microsoft launch blockchain hub to track coronavirus
The World Health Organization has teamed up with tech giants IBM, Oracle, and Microsoft, as well as decentralized platform Hacera, to create an open-data blockchain hub that lets people check whether they have been near anyone who’s been infected with COVID-19. The project, called MiPasa, is based on enterprise-grade blockchain Hyperledger Fabric. It comprises various analytics tools and data sources that help citizens and public health officials detect coronavirus infection hotspots. Public he...
“[The hackers] are looking for the highest targets—the key officials involved with the COVID-19 work. The cybersecurity team has never been busier, and we’ve had to increase resources to try to protect ourselves and be vigilant,” Mariano added.
He also said that Interpol and Microsoft, as well as authorities in Israel, the European Union, the UK and Switzerland, have warned the organization about cyberattacks on its infrastructure in recent weeks.
Not a fresh leak
The latest leak may in fact have nothing to do with the recent increase in hacking activity against the WHO. According to cybersecurity firm Cyble, emails and passwords posted on 4chan and other websites this week could have been compromised almost a decade ago.
“We have mapped our dark web records credentials against the ones released on 4chan and they are strikingly similar,” Beenu Arora, founder and CEO of Cyble, told Decrypt. “There is a high probability that the attackers performed a credential stuffing attack,” Arora added, noting that Cyble is monitoring the situation.
According to Arora, while the credentials have been released on 4chan recently, there is “no evidence whatsoever that this is a new leak,” as those emails and passwords were discovered years ago, dating as far back as 2013.
Coronavirus ransomware hackers demanding payments in Bitcoin
Despite the global effort to limit the impact of the coronavirus pandemic, there are bad actors taking advantage of the chaos. From profiteers ramping up prices of essential goods, to hoarders stockpiling medical equipment, there’s no shortage of nefarious behaviour. Perhaps the most insidious, though, is hackers using ransomware to target the critical public services responding to the coronavirus threat—and demanding payment in Bitcoin. There’s nothing like fear and uncertainty to help indivi...
Additionally, the bulk of stolen credentials was leaked through third-party breaches and someone—or a group—”just performed credential harvesting and stuffing” this week, Arora added.
The coronavirus pandemic has seen hackers adapting their tactics; while some have directed their efforts at hacking critical public health services such as the WHO, others have targeted remote workers with coronavirus-themed cyberattacks, or released phony coronavirus tracking apps loaded with malware.
