An anonymous reader quotes a report from Bloomberg: The messages began arriving in World Health Organization employees’ inboxes in early April, seemingly innocuous emails about the coronavirus from news organizations and researchers. But a close examination revealed that they contained malicious links, and some security experts have traced the emails to a hacking group in Iran believed to be sponsored by the government. The hacking effort, which began on April 3, was an attempt to steal passwords and possibly install malware on WHO computers, according to three people familiar with the matter, who requested anonymity because they aren’t authorized to talk to the news media. The incident was one of several suspected state-sponsored hacks targeting WHO officials in recent weeks, the people said.
Two of the messages sent to the WHO, which were reviewed by Bloomberg News, were designed to look like coronavirus newsletters from the British Broadcasting Corporation. A third message was tailored to look like an interview request from the American Foreign Policy Council, a conservative think tank based in Washington. It encouraged recipients to click on what looked to be a shortened Google link, which diverted to a malicious domain. Ohad Zaidenberg, lead cyber intelligence researcher at Clearsky Cyber Security, reviewed the messages for Bloomberg News, and said he believed they were sent by a group of state-sponsored Iranian hackers known as “Charming Kitten,” which has been active since 2014 and previously targeted Iranian dissidents, academics, journalists and human rights activists. Flavio Aggio, the WHO’s chief information security officer, confirmed the “very clever attacks” but said they’d so far been unsuccessful. “We are dealing with an information war and a cyberwar at the same time,” he added.