Cybercriminals exploit lack of MFA use by aid groups

Humanitarian organizations in the Middle East are being targeted by cyberattacks likely coming from supporters of the Houthi rebels, an Islamist movement based in Yemen.
The revelation that cyber attackers are attempting to steal credentials and gather information from humanitarian and human rights groups comes amid a trend of incorporating biometrics into aid distribution. The United Nations’ World Food Programme (WFP) has been introducing biometric solutions in Yemen in response to the country’s humanitarian catastrophe.
The cyberattacks were performed by a group named OilAlpha, according to findings from threat intelligence company Recorded Future. The threat group established a fake web portal that spoofed a generic login capability. It then created a cluster of malicious Android applications and supporting infrastructure used to conduct credential theft against human rights or humanitarian aid workers based in the Middle East.
Recorded Future’s threat research division Insikt Group believes the attacks could be organized to control aid distribution in Yemen.
Among the organizations that have been affected are CARE International, the Norwegian Refugee Council, and the Saudi Arabian King Salman Humanitarian Aid and Relief Centre. Insikt Group suspects malicious applications tied to OilAlpha have spoofed the UN or its World Food Programme.
The division first uncovered the cyberattacks in May 2023. A year later, the company discovered a suspicious Android file connected to OilAlpha which requested invasive permissions, such as access to the camera, audio, SMS, contacts and more.
To limit the damage from credential theft, Insikt Group recommends strong passwords and enabling multi-factor authentication (MFA) where possible.
A recent investigation from digital rights group Access Now concluded that the use of biometrics and digital ID in humanitarian projects could use more transparency, including better disclosure around procurement, data protection impact assessments (DPIAs) and incident reports.