Hackers target China and the World Health Organization. What relationship with DarkHotel?
Hackers have targeted Chinese government agencies, diplomatic missions, and the World Health Organization, as the world battles the Corona pandemic.
The attack targeted over two hundred servers in the largest piracy campaign during the pandemic, according to a report by leading Chinese Internet provider Qihoo 360.
The report linked the attacks to the DarkHotel hacker group, a group of elite hackers who have carried out Internet spying since 2007.
Cybersecurity companies are trying to track many of the group’s operations active in East Asia, with targets including government employees and businessmen in places like China, North Korea, Japan and the United States.
The first goal
The same group is suspected to be behind the recent cyberattacks against the World Health Organization, as officials and cybersecurity experts warn that hackers of all stripes are seeking to take advantage of international concern about the spread of the Coruna virus, according to a Reuters report.
WHO Information Security Chief Flavio Aggio said the identity of the intruders was not clear, but the attempts were unsuccessful. He warned that attempts at piracy against the agency and its partners had risen with its battle to contain the Coronavirus, which has killed tens of thousands around the world.
Alexander Urbelis, a cybersecurity expert and lawyer with the New York-based Blackstone Legal Group, was the first to report to Reuters about the attempted intrusion into the health organization, which specializes in monitoring suspicious online activities.
A. Urbelis said he followed the activity on March 13, when a group of hackers he was following had activated a malicious website that emulated the WHO’s internal email system, “I realized quickly that this was a direct attack on the WHO amid a pandemic.”
This expert said he did not know who was responsible, but other sources familiar with the matter said they suspected the DarkHotel group.
Both Chinese domestic agencies and diplomatic missions in countries – including Italy, the United Kingdom, North Korea, and Thailand – have been attacked, according to the Qihoo 360 report.
China’s anti-virus software vendor’s report said the DarkHotel’s fingerprint attack finally spread in early April to government agencies in Beijing and Shanghai, after it had previously targeted the World Health Organization and their attempt had failed.
Cyber security companies – including BitDefender in Romania and Russia’s Kaspersky – have tracked many of the DarkHotel’s operations in East Asia – an area highly affected by the Coronavirus. Specific targets included government officials and businessmen in places such as China, North Korea, Japan, and the United States.
Kaspersky’s global head of research and analysis could not confirm that the DarkHotel group was behind the attack on the World Health Organization, but said that the malicious web infrastructure had also been used to target healthcare and other humanitarian organizations in recent weeks.
“At such times, any information about treatments, tests, or vaccines related to coronavirus is invaluable and a priority for any intelligence organization in any affected country,” the expert added.
“The Chinese government is taking strict measures against any form of cyber-attacks and will step up measures to protect its cybersecurity,” said Lijian Zhao Chinese Foreign Ministry spokesman. He also called for more international cooperation to protect cybersecurity.
The attacks come at a time when many governments and companies are asking employees to work from home to prevent the spread of the Coronavirus. Beijing has asked most offices to host more than half of the staff at one time and has stopped schooling.
The report speculated that it was possible that the motive to attack Chinese agencies was to get information related to the epidemic, especially after the government-controlled outbreak.
“But the epidemic is still going on in many countries,” he asked. “Do the attacks aim to spy on Chinese medical technology and anti-virus measures during the epidemic? “
However, security experts said that except for the Qihoo 360 report, there is no further evidence that DarkHotel was behind the attacks or that the intruders’ motives were linked to the epidemic.
“So far, we don’t see any confirmation from an outside party … This is the opinion of one company,” said Mark Webb-Johnson, Co-founder, chief technology officer of the “Network Box” security service provider. However, I see no evidence to challenge its credibility. “
Brian Bartholomew, a researcher from Kaspersky who monitors DarkHotel activities, concluded after the release of the Qihoo 360 report, “This report is full of conflicting information… “We do not say they are wrong, but there must be more statements to support these accusations,” he added.