Date: 2020-04-02

Hackers linked to Iran target WHO staff emails during coronavirus

Hacking attempts against the World Health Organization and its partners have more than doubled since the beginning of the coronavirus crisis. (Reuters)
Traffic passes the Regional Office for the Americas of the World Health Organization (WHO) during the coronavirus disease (COVID-19) outbreak in Washington, D.C. March 22, 2020. (Reuters)
  • Attacks show how the WHO and other organizations at the center of a global effort to contain the coronavirus have come under a sustained digital bombardment by hackers
  • Large prizes for intelligence agencies would include coronavirus response plans for various countries, or word of effective treatments
SAN FRANCISCO/WASHINGTON/LONDON: Hackers working in the interests of the Iranian government have attempted to break into the personal email accounts of staff at the World Health Organization during the coronavirus outbreak, four people with knowledge of the matter told Reuters.
It is not clear if any accounts were compromised, but the attacks show how the WHO and other organizations at the center of a global effort to contain the coronavirus have come under a sustained digital bombardment by hackers seeking information about the outbreak.
Reuters reported in March that hacking attempts against the United Nations health agency and its partners had more than doubled since the beginning of the coronavirus crisis, which has now killed more than 40,000 worldwide.
The latest effort has been ongoing since March 2 and attempted to steal passwords from WHO staff by sending malicious messages designed to mimic Google web services to their personal email accounts, a common hacking technique known as “phishing,” according to four people briefed on the attacks. Reuters confirmed their findings by reviewing a string of malicious websites and other forensic data.
“We’ve seen some targeting by what looks like Iranian government-backed attackers targeting international health organizations generally via phishing,” said one of the sources, who works for a large technology company that monitors Internet traffic for malicious cyber activity.
WHO spokesman Tarik Jasarevic confirmed that personal email accounts of WHO staff were being targeted by phishing attacks, but said the WHO did not know who was responsible. “To the best of our knowledge, none of these hacking attempts were successful,” he said.
Iran’s government denied any involvement. “These are all sheer lies to put more pressure on Iran,” said a spokesman at Iran’s information technology ministry. “Iran has been a victim of hacking.”
Karim Hijazi, chief executive of cyber intelligence firm Prevailion, shared his recently captured data with Reuters that shows a sophisticated hacking group was actively targeting the global health organization. Reuters couldn’t independently confirm his analysis. Hijazi said the identity of the hackers was difficult to determine, although their techniques appeared advanced.
The intrusion attempts are distinct from others reported by Reuters last week, which sources said were thought to be the work of an advanced group of hackers known as DarkHotel that has previously been active in East Asia — an area that has been particularly affected by the coronavirus.
The motives of the hackers were not clear, but targeting officials at their personal accounts is a longstanding intelligence-gathering technique.
Other details in this phishing attempt point to links with Tehran. For example, Reuters found that the same malicious websites used in the WHO break-in attempts were deployed around the same time to target American academics with ties to Iran.
The related activity — which saw the hackers impersonate a well-known researcher — parallels cases Reuters previously documented where alleged Iranian hackers masqueraded as media figures from organizations such as CNN or The New York Times to trick their targets.
Iran has suffered enormous loss of life from the coronavirus, and infections have reached the inner circle of the country’s leadership.
A person close to US intelligence said he was aware of the Iranian campaign and that such attacks are standard fare during times of international crisis.
While large prizes for intelligence agencies would include coronavirus response plans for various countries or word of effective treatments, more benign data, such as WHO estimates for infection rates, would also be valuable, the person said.

Extremists see global chaos from virus as an opportunity

  • The International Crisis Group warned that the pandemic threatens the global solidarity that is key to fighting extremists
  • In a sharp commentary in its Al-Naba newsletter in mid-March, Daesh urged followers to show no mercy and launch attacks in this time of crisis
JOHANNESBURG: Both the Daesh group and Al-Qaeda see the coronavirus as a threat, but some of their fighters also see the upheaval from the pandemic as an opportunity to win over more supporters and strike harder than before.
Messages from the extremist groups show concern about the virus mixed with bravado, asserting that it is punishment for non-Muslims while also urging followers to repent and take care of themselves.
Al-Qaeda suggested in a statement Tuesday that non-Muslims use their time in quarantine to learn about Islam.
But in a sharp commentary in its Al-Naba newsletter in mid-March, Daesh urged followers to show no mercy and launch attacks in this time of crisis.
In a commentary Tuesday, the International Crisis Group warned that the pandemic threatens the global solidarity that is key to fighting extremists.
“It is almost certainly correct that COVID-19 will handicap domestic security efforts and international counter-Daesh cooperation, allowing the jihadists to better prepare spectacular terror attacks,” it said.
Though analysts said it was too soon to say which attacks can be blamed on militants exploiting the coronavirus, extremists in late March carried out their deadliest assault yet against the military of Chad, a significant contributor to Africa’s growing counterterrorism efforts, killing at least 92 soldiers near the border with Nigeria and Niger.
In Egypt, two military officials reported a spike in Daesh attacks in March in the restive northern part of the Sinai Peninsula but security forces foiled at least three other major assaults. The officials spoke on condition of anonymity because they were not authorized to brief the media.
While Syria and Iraq have seen no uptick in attacks by Daesh since the virus spread there, the pandemic has prompted the US-led coalition to halt training activities in Iraq amid a planned pullout from several bases.
There are signs elsewhere that the US, British and other militaries are pulling back because of the virus, leaving a possible opening for the extremists.
That’s a danger in Africa’s hot spots of the Sahel, the Lake Chad region and Somalia, where the US military already worried allies in recent months by contemplating cuts to focus on threats from China and Russia.
“Any state that was interested in pulling back in Africa will take the opportunity to do so,” said Clionadh Raleigh, executive director of the Armed Conflict Location & Event Data Project, which tracks extremists’ activities worldwide. “That will be unbelievably bad.”
A US Africa Command spokeswoman, Lt. Christina Gibson, told The Associated Press that “while the size and scope of some AFRICOM activities have been adjusted to ensure the safety and protection of forces — both US and partner nation — our commitment to Africa endures.” She did not give details of affected operations but said AFRICOM still has about 5,200 forces on the continent at any given time.
The British army mission in Kenya, which provides counterterrorism training and other skills, this week announced that all army families are returning to the UK because of the virus.
But France’s largest overseas military mission, Barkhane in West Africa’s sprawling Sahel region south of the Sahara Desert, is keeping its 5,100 troops there, the French Defense Ministry said. A pro-Al-Qaeda French organization issued a statement Tuesday urging French forces to stay home and save lives instead.
African military units, already stretched thin and under attack, are likely to take protective measures as the virus threatens their ranks.
In Nigeria, which has struggled against the Boko Haram extremist group and an assertive Daesh-linked offshoot, the military has called for suspending much of its activities including large gatherings and training.
A leaked memo signed by the Nigerian army’s policy chief says its vehicles might have to be used for mass burials or transferring the sick to hospitals as the virus spreads.
While security forces are targets, under-guarded prisons could be too, said Laith Alkhouri, a counterterrorism adviser who researches extremists in West Africa. Both Daesh and Al-Qaeda-linked fighters have turned the Sahel into Africa’s most urgent extremism crisis, and even have engaged in some unprecedented cooperation.
Their fighters are likely to exploit the pandemic by accusing governments of mismanaging the crisis to try to win popular support, he said.
Alkhouri said that under another scenario, individuals may believe that only religion can keep them safe from the virus “and ignore scientific advice, which could lead to an increase in infections.”
Some extremist groups are showing signs that, like the rest of the world, they are trying to understand the coronavirus and respond.
In Somalia, the Al-Qaeda-linked Al-Shabab held a rare five-day meeting of its leaders in March that discussed the virus. In a communique, the group recognized its “emergency threat” to the world, including Muslims.
An Al-Shabab spokesman later told the AP it was too soon to comment on whether the group would heed a UN plea to halt attacks, which have continued, or whether it would allow health workers access to areas it controls.
In Afghanistan, the Taliban have gone even further, putting out videos on disinfection and photos of its fighters handing out face masks and soap. It also has offered security guarantees to any aid group assisting victims of the virus or helping to stop its spread.
Taliban spokesman Zabihullah Mujahed told the AP that “if, God forbid, the outbreak happens in an area where we control the situation, then we can stop fighting in that area.”

