In brief
- 25,000 emails and passwords allegedly belonging to the World Health Organization and other institutions have been leaked.
- The WHO also reported that hackers have targeted its senior officials recently.
- According to cybersecurity firm Cyble, the leaked credentials date as far back as 2013.
Over 25,000 email addresses and passwords allegedly belonging to employees of the Gates Foundation, the World Health Organization (WHO) and other health institutes were recently leaked by anonymous activists, according to American non-governmental organization SITE Intelligence Group.
Simultaneously, the WHO reported an increase in hacking activity aimed at its officials since mid-March. Bernardo Mariano, the organization’s chief information officer, told Bloomberg yesterday that top officials are being targeted as they prepare a response to the coronavirus pandemic.
“WHO itself hasn’t been hacked, but employee passwords have leaked through other websites,” Mariano noted.
Additionally, over 2,000 passwords—that were allegedly linked to the WHO email accounts—also reportedly began circulating on anonymous message board 4chan on Monday. Most likely, this was just a part of the full list leaked previously.
Senior WHO officials targeted by hackers
According to Mariano, Tedros Adhanom Ghebreyesus, Director-General at the WHO, and Bruce Aylward, a senior envoy who led a COVID-19 response team in China, are among the officials that were targeted.
Furthermore, the organization also detected a “sustained attempt” to gain access to computers of its staff members in South Korea and at the WHO headquarters in Geneva.
“[The hackers] are looking for the highest targets—the key officials involved with the COVID-19 work. The cybersecurity team has never been busier, and we’ve had to increase resources to try to protect ourselves and be vigilant,” Mariano added.
He also said that Interpol and Microsoft, as well as authorities in Israel, the European Union, the UK and Switzerland, have warned the organization about cyberattacks on its infrastructure in recent weeks.
Not a fresh leak
The latest leak may in fact have nothing to do with the recent increase in hacking activity against the WHO. According to cybersecurity firm Cyble, emails and passwords posted on 4chan and other websites this week could have been compromised almost a decade ago.
“We have mapped our dark web records credentials against the ones released on 4chan and they are strikingly similar,” Beenu Arora, founder and CEO of Cyble, told Decrypt. “There is a high probability that the attackers performed a credential stuffing attack,” Arora added, noting that Cyble is monitoring the situation.
According to Arora, while the credentials have been released on 4chan recently, there is “no evidence whatsoever that this is a new leak,” as those emails and passwords were discovered years ago, dating as far back as 2013.
Additionally, the bulk of stolen credentials was leaked through third-party breaches and someone—or a group—”just performed credential harvesting and stuffing” this week, Arora added.
The coronavirus pandemic has seen hackers adapting their tactics; while some have directed their efforts at hacking critical public health services such as the WHO, others have targeted remote workers with coronavirus-themed cyberattacks, or released phony coronavirus tracking apps loaded with malware.