WHO Targeted in Espionage Attempt, COVID-19 Cyberattacks Spike

2020-03-24 19:16

The attack appeared to be aimed at achieving a foothold at the agency rather than being an end unto itself: "The targeting infrastructure seems to focus on certain types of healthcare and humanitarian organizations that are uncommon for cybercriminals," Costin Raiu, researcher at Kaspersky, told Threatpost.

As for the "Why" of the attack, which was thwarted, Raiu said that information about remediation for coronavirus - such as cures, tests or vaccines - would be invaluable to any nation-state's intelligence officials.

"So far, we don't know the motivation behind these attacks at times like this, any information about cures or tests or vaccines relating to coronavirus would be priceless and the priority of any intelligence organization of an affected country," he told Threatpost.

In line with that, unnamed sources told Reuters that the DarkHotel group, an APT associated with carrying out cyberespionage efforts in China, North Korea, Japan and the United States, could be the culprit behind the attack.

Earlier in 2020, DarkHotel was seen using Office documents for targeted attacks using a zero-day in Internet Explorer.

News URL

https://threatpost.com/who-attacked-possible-apt-covid-19-cyberattacks-double/154083/

#covid19 #cyberattack #espionage #spike