‘Hack-for-hire’ firms spoofing the WHO have targeted business leaders in financial services, consulting and healthcare corporations in Cyprus and several other countries, according to Google’s Threat Analysis Group.
The lures encourage individuals to sign up for direct notifications from the WHO to stay informed of COVID-19-related announcements, and link to attacker-hosted websites that bear a strong resemblance to the official WHO website, it said.
The sites typically feature fake login pages that prompt potential victims to give up their Google account credentials, and occasionally encourage individuals to give up other personal information, such as their phone numbers, it added.
The Threat Analysis Group noted that government-backed or state-sponsored groups have different goals in carrying out their attacks: some are looking to collect intelligence or steal intellectual property; others are targeting dissidents or activists, or attempting to engage in coordinated influence operations and disinformation campaigns.
Reuters reports that security experts at Alphabet Inc’s Google sent 1,755 warnings in April to users whose accounts were targets of government-backed attackers, following a resurgence in hacking and phishing attempts related to the coronavirus outbreak.
Google said on Wednesday its Threat Analysis Group saw new activity from “hack-for-hire” firms, many based in India, that have been creating Gmail accounts spoofing the World Health Organization (WHO).
These accounts largely targeted business leaders in financial services, consulting and healthcare corporations in numerous countries including the United States, Slovenia, Canada, India, Bahrain, Cyprus and the UK, the company said in a blog post.
Google said it continued to see attacks from hackers on medical and healthcare professionals, including WHO employees.
The WHO and other organizations, at the centre of a global effort to contain the coronavirus, have come under a sustained digital bombardment by hackers seeking information about the outbreak.
“Since March, we’ve removed more than a thousand YouTube channels that we believe to be part of a large campaign and that were behaving in a coordinated manner”, the blog post added.