The World Health Organization (WHO) has been targeted by cybercriminals in a series of attempted attacks amid the COVID-19 pandemic. New evidence also shows that the DarkHotel APT group has tried to infiltrate WHO’s networks to steal information from the organization, although it remains unclear what information the group was seeking. On March 13, a malicious site was being constructed that mimicked WHO’s internal email system according to cybersecurity researchers.

Researchers quickly realized that they were witnessing a live attack on the WHO amidst the pandemic, the organization in which provides critical developments and information to the public regarding the virus. The purpose of the site was to steal passwords from agency staffers.  Although the attack appeared to researchers as achieving a foothold in the agency rather than ending it entirely, the fact that the website could be compromised is concerning to security experts.