The Reuters News Agency reported that in March hackers believed to be working in the interests of Iran had attempted to break into the personal email accounts of staff members at the World Health Organization (WHO). According to the reports, the hackers may have been seeking information about the spread of the outbreak worldwide.
This follows similar attacks against the United Nations health agency along with its partners, which had more than doubled since the beginning of the COVID-19 outbreak. Reuters reported that the latest effort to target WHO staff has been ongoing since March 2 – and has included phishing techniques that mimic Google web services.
Tehran has denied any involvement in the hacking, and an Iranian information technology ministry official told Reuters that Iran, too, has been a victim of hacking attempts. However, security experts have tracked the attacks to IP addresses, which have nearly tripled around the world – peaking at nearly half a billion attempts per day.
“While the intention of these attackers is not well known, the key attack method, email phishing, certainly is,” said Erich Kron, security awareness advocate at security research firm KnowBe4.
“Spear phishing attacks like the ones used here are how up to 91% of all successful data breaches start,” warned Kron in an email to ClearanceJobs. “By targeting the WHO during a time of crisis, certainly a time when the people there are working long hours and under significant stress, the attackers improve their chances of success greatly. While the information they are after is not known, the WHO has access to a lot of sensitive information from countries around the world and is a group that people are watching and looking to for trusted information.”
Why Target the WHO?
Iran has been especially hard hit by COVID-19, the disease caused by the coronavirus. According to reports from Al Jazeera, the country remains one of the world’s epicenters for the outbreak. There have been more than 50,000 cases, and according to the latest official figures, at least six people die every hour from the disease.
Iranian political analyst Mohammad Marandi, who was quoted by Al Jazeera, suggested that the U.S. sanctions are to blame for the spread of coronavirus in the Islamic republic. Whether these cyber attacks aimed at the WHO, other UN agencies and U.S. agencies are a response is still unclear.
“While there are many different reasons the attackers are focusing on the WHO right now, none of them are likely to be good,” added Kron.
The other major concern now is that it isn’t just Iran that may be on the attack. Cybercriminals have been using the coronavirus crisis as an opportunity to spread malicious software and launch social engineering campaigns. This has included email messages that appeared to be from WHO offering tips on how to protect yourself from COVID-19. In addition, a coronavirus-related “ransomware” that locks computer files until a victim pays the hackers was reported last month.
“Early in the pandemic, we saw attackers sending phishing emails disguised to look like official information from the WHO, which was being used to steal credentials,” explained Kron. “These were fairly easy to spot; however, if a legitimate account really was compromised and used to send phishing emails, the impact would be much greater.”
At this time, especially as employees are working remotely on systems that may not be as hardened as those in the office, it is especially important that everyone maintains a level of due diligence when it comes to cybersecurity.
“The most effective defense against these types of attacks is to educate and train the employees to spot suspected phishing emails and to provide them a way to report them to the staff who can do a technical analysis of the email,” suggested Kron. “This allows employees to keep working while staying as safe from the attacks as possible.”