Cyber Week in Review: March 27, 2020
from Digital and Cyberspace Policy Program and Net Politics

Cyber Week in Review: March 27, 2020

World Health Organization targeted by hackers; EU Parliament will temporarily allow members to vote by email; Chinese information operations copying some Russian tactics, expert says; Hackers exploit coronavirus pandemic to conduct DNS hijacking attacks; and New report details massive Chinese hacking campaign.
A logo is pictured on the World Health Organization (WHO) headquarters.
A logo is pictured on the World Health Organization (WHO) headquarters. REUTERS/Denis Balibouse/File Photo

World Health Organization Targeted by Hackers

On Monday, Reuters reported a sophisticated cyberattack on the World Health Organization (WHO). The attack was detected by a third party, who noticed the registration of a domain mimicking the WHO’s internal email service. Other healthcare and humanitarian organizations were also attacked from the same infrastructure. Two unnamed sources suspected the attack was the work of DarkHotel, an advanced persistent threat actor possibly associated with the South Korean government. The WHO has reported a more than twofold increase in targeted attacks since the beginning of the pandemic. The motive of this particular attack is unknown, though one expert speculated it may have been to search for information about cures, tests, or vaccines.

EU Parliament Will Temporarily Allow Members to Vote by Email

This week, the European Parliament, the legislative body of the European Union, confirmed that it would allow members to vote electronically from this week until at least the end of July. The exact procedure, where members are emailed a ballot form and then email it back completed, has been criticized as manipulation-prone and damaging to public trust. Security expert J. Alex Halderman said fears were likely overblown since votes are public and members can check that the correct vote was recorded, though Patrick Breyer, a Member of the European Parliament, warned that some manipulations might not be noticed. The European Parliament said all necessary measures had been put in place and that it would not comment on specific security concerns.

Chinese Information Operations Copying Some Russian Tactics, Expert Says

More on:

Cybersecurity

COVID-19

China

Laura Rosenberger, the director of the Alliance for Securing Democracy, said at a panel this week that Chinese actors were learning from past Russian information operations and changing their own tactics accordingly. While in the past Chinese information operations have largely attempted narrative control and creation—that is, trying to make individuals believe versions of events that reflect positively on the leadership of the Chinese Communist Party—they are now promoting multiple competing narratives in an attempt to sow doubt about information in general. Chinese efforts are occurring at a time when there might be some shift in the U.S. messaging about Beijing's responsibility for the pandemic. While the G7 failed to release a joint statement due to Secretary of State Pompeo’s insistence on referring to COVID-19 as the “Wuhan virus,” President Trump appears to have decided to stop using "Chinese virus" and recently praised President Xi Jinping’s efforts at containing the virus’ spread.

Hackers Exploit Coronavirus Pandemic to Conduct DNS Hijacking Attacks

On Wednesday, Bitdefender released a report revealing how hackers have taken advantage of the coronavirus pandemic to try to spread malware via DNS hijacking. In DNS hijacking, attackers scan the internet for vulnerable routers, compromise them, and then change their DNS servers so that when users attempt to visit their chosen website, they are actually redirected to a malicious one controlled by the attacker. In this case, the attacker’s site reportedly tried to entice users to download a fake coronavirus-related app that actually contained malware. With more workers than ever working from home, this technique is especially alarming.

New Report Details Massive Chinese Hacking Campaign

This week, a new report by FireEye revealed a massive hacking campaign by APT41, a Chinese state-sponsored cyber actor, who targeted companies, nonprofits, law firms, media organizations and others in at least twenty countries. The campaign used many so-called “1-day” vulnerabilities—vulnerabilities that have been publicly acknowledged but not yet weaponized—to attack their targets. One target group of the attacks were telecommunications companies, which could provide access the conversations of Chinese political dissidents. Though this campaign was clearly targeted, it was also widespread, and experts believe that APT41 could be focusing its efforts in many areas of interest to the Chinese government, including seeking intelligence on the U.S.­-China trade war and the coronavirus pandemic.

More on:

Cybersecurity

COVID-19

China

Creative Commons
Creative Commons: Some rights reserved.
Close
This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.
View License Detail