Data Leaked: 25,000 accounts of WHO, Wuhan Virology Institute & Gates Foundation Allegedly Hacked

The digital data of World Health Organization, the Wuhan Institute of Virology, the Gates Foundation and other institutes working on the novel coronavirus pandemic have been hacked, with thousands of their emails, passwords and documents getting leaked online.

According to the SITE Intelligence Group, which monitors terror groups online, hackers shared around 25,000 email addresses and their passwords of the groups which are at the forefront of the war against the global pandemic.

Many screenshots of the documents, emails and their passwords were posted on Twitter too. The data was leaked on Sunday and Monday.

The Maryland-based SITE said the National Institute of Health (NIH) was the biggest victim of hacking with 9,938 emails and passwords posted online. As many as 6,857 emails and passwords of the Centers for Disease Control and Prevention, 5,120 of the World Bank and 2,732 of WHO were also leaked.

The database also seems to carry several IDs from a virology lab in Wuhan, giving rise to fresh speculations and conspiracy theories.

The Washington Post reported that unknown activists posted 25,000 email addresses and passwords online. This was found out by the SITE Intelligence Group, which looks after online extremism and terrorist organizations. An Australian independent cybersecurity expert Robert Potter said he could verify some of the IDs and passwords from WHO, but added that it could be from an older attack.

The WHO list is genuine but it appears to be from an earlier attack. Healthcare agencies in particular are traditionally quite bad at cyber security. Email IDs from Gates Foundation, which recently donated USD 150 million to Wuhan Institute of Virology, were also leaked. Wuhan was the epicenter of the pandemic.

Healthcare Organization’s attack Graph

WHO has seen a rise in cybercrime attacks since mid-March, Bloomberg quoted chief information officer, Bernardo Mariano as saying? He added that the organization hasn't been attacked but employees' passwords were leaked through other websites.

The WHO used to have one security alert a month, but thus far in April the organization has received eight from national cybersecurity authorities notifying "of nation-state actor attacks that we are facing," he said. The targets of these attacks are top WHO officials like Director-General Tedros Adhanom Ghebreyesus. Israel, European Union, UK, Switzerland, Interpol and even Microsoft had warned WHO of a possible attack, Mariano said.

Health organizations have been subject to increased cyber-threat as the coronavirus pandemic continues (despite some hacking groups graciously saying they’ll stop targeting the industry for now).

  • On 15 March, the US Department of Health and Social Science was hit with a cyberattack that aimed to disrupt its COVID-19 response.
  • A hospital in the Czech Republic which is responsible for processing coronavirus tests also suffered a cyberattack.

The spike in attacks could be the result of the cyber criminal’s callous calculation that hospitals and other health organizations would perhaps pay inflated ransoms in order to regain control of critical services at this desperate time.

But even before the coronavirus pandemic, reports indicated that health care is one of the biggest targets for both ransomware and cyber-attacks. In 2017, Health Care Industry Cybersecurity Task Force convened by the US Department of Health and Human Services found that health care cyber security was in “critical condition.”

A 2020 report revealed that last year in the UK, 67 per cent of health care organizations experienced a cyber security incident.


WHO, Wuhan Institute of Virology, Gates Foundation hacked

The Washington Post reported on Tuesday, that nearly 25,000 emails, passwords and classified documents allegedly belonging to the organizations first appeared to have been posted on imageboard website 4chan, before being shared on Pastebin, a text storage site, Twitter and far-right extremist channels on the messaging app, Telegram.


Pastebin links:

Shortly after news of the hack went public, conspiracy theorists didn't waste any time in sharing the data aggressively across various platforms, push the idea that COVID-19 was engineered in a Wuhan lab.

"Using the data, far-right extremists were calling for a harassment campaign while sharing conspiracy theories about the coronavirus pandemic," said Rita Katz, SITE's executive director. "The distribution of these alleged email credentials were just another part of a months-long initiative across the far right to weaponize the COVID-19 pandemic."