Hackers Linked To Iran Target World Health Organization Staff

Iran Intensifies Cyber Warfare Amid Pandemic, Underscoring Threats Posed By Regime

(New York, N.Y.) – Today, Reuters reported that hackers working in the interest of the Iranian government have attempted to infiltrate the email accounts of staff at the World Health Organization—the WHO—signaling that even organizations prominently involved with fighting COVID-19 are potential targets for malicious actors. The Iran-linked hackers have been attacking the WHO since March 2, 2020 with phishing attempts intended to mimic Google Web Services to their personal accounts of WHO staff. Even as details of the attacks point to Tehran, a regime spokesperson has denied responsibility, claiming instead that “Iran has been a victim of hacking.”

In January, following the U.S. precision strike on former Islamic Revolutionary Guard Corps (IRGC) Quds Force Commander General Qassem Soleimani, the U.S. national security apparatus cautioned that one avenue for retaliation Iran is likely to pursue is launching offensive cyberattacks targeting the U.S. public and private sectors. More broadly, the recent report from Reuters offers a cautionary tale for the international community. While Iran is asking for sanctions relief and rejecting unconditional offers of U.S. humanitarian assistance, it is simultaneously launching cyberattacks against the very organizations—the WHO—which are helping the Islamic Republic amid the COVID-19 pandemic.

United Against Nuclear Iran (UANI) is releasing a new report today, The Iranian Cyber Threat, which outlines the structure of Iran’s cyber infrastructure and analyzes the Islamic Republic’s cyber methods and motivations. The Iranian cyber threat poses unique challenges to American security given the difficulties with properly attributing attacks, the lack of clear-cut rules with regard to response options and concerns for escalatory responses, and the thousands of vulnerable sites throughout the country and among our allies and U.S. entities abroad that make for appealing targets. The main factor preventing Iran from launching major, disruptive cyber-attacks against the U.S. homeland is not necessarily lacking of opportunity or ability, but the regime’s calculus as to whether the benefits of such an attack outweigh the costs it would likely incur.

In September 2018, President Trump issued National Security Presidential Memorandum 13 (NSPM 13), a classified directive that reportedly enables the White House to permit the military to engage in offensive cyber operations without a lengthy review process. Iran has yet to be deterred, however, as evidenced by reports that it has continued to probe critical U.S. systems, signaling that an attack on industrial control systems remains on the table. The primary deterrent to Iran undertaking the costliest and most destructive attacks would be the knowledge that such a cyber attack would lead to a regime destabilizing response, but the U.S. has yet to define what constitutes an act of warfare in the cyber domain. With Iran determined to harm U.S. interests, a more proactive public-private approach is required to identify vulnerable targets and bolster cybersecurity across the board in order to achieve collective defense.

To read UANI’s new report, The Iranian Cyber Threat, please click here.