Hijacked routers & attempted WHO hack highlight latest COVID-19 attacks

Businesses remain closed in many major cities around the world as the coronavirus pandemic rages, but cybercriminals are still open for business, as they continue to use the crisis to serve their nefarious purposes.


Today’s latest round-up of coronavirus threats includes a reported hacking attempt against the World Health Organization, a DNS hijacking attack designed to spread a malicious COVID-19 app, and a bizarre plot to spread malware via a digital anti-virus solution.


Possible APT group targets the WHO


Sophisticated hackers, possibly from an international advanced persistent threat group, reportedly attempted to hack into the systems of the World Health Organization earlier this month.


The culprits and their precise motive are unknown, but two unnamed sources reportedly told Reuters that they suspect the actor is DarkHotel, a well-established APT group that is reputedly tied to East Asia, and more specifically, Korea.


The WHO’s CISO Flavio Aggio reportedly told Reuters that there has been a significant increase in hacking attempts against the health agency amidst the coronavirus pandemic; however, this particular incident was unsuccessful.


Alexander Urbelis, a cyber expert with Blackstone Law Group, is credited with first detecting the malicious activity, after observing the hackers stand up a malicious website that impersonated the WHO’s internal email system.


Later, Aggio reportedly confirmed that the phony website had been used in an attempt to steal passwords from members of the agency’s workforce. Meanwhile, Costin Raiu, head of global research and analysis at Kaspersky, reportedly noted that the same web infrastructure has been recently used to target other health care and humanitarian organizations.


Routers Hijacked to Deliver Fake COVID-19 App Alert