UNESCO hack: Fake documents and more

It has been over a week now, since it was reported that UNESCO, WHO and multiple other websites have been breached in an automated hack. Major sites like UNESCO are hosting documents which have been uploaded by cybercriminals.

Cybercriminals are abusing the content management system of these sites. I have to think that their content management systems are not up to date and that noone is maintaining them.

Private youtube video downloader hosted on Unesco.org
Private Youtube video downloader on Unesco

The cybercriminals are leaving all types of documents, which contain hyperlinks. The documents will be indexed by Google. The links included in the documents receive a boost in their Google Ranking and this improves their SEO ranking immediately.


The boost in the Google ranking and the clicks that they get, allows the cybercriminals behind those links to monetize the traffic that they are getting. The can adjust the landing pages of those hyperlinks with ease, allowing them to virtually perform any task.

UNESCO document linking to UEFA Nations League streams
Another malicious document hosted on the UNESCO site

You can clearly see that the cybercriminals are picking up the latest trends. They have included malicious documents which claim to lead to an OnlyFans downloader.

Document to the OnlyFans downloader hosted on Unesco
OnlyFans downloader hosted on UNESCO

Multiple cybercriminals continue to abuse the vulnerabilities found in the sites. They utilize the same techniques to share their malicious documents on websites that they are going to hack.

HD~Repelis! documents being shared on UNESCO
HD~Repelis! documents being shared on UNESCO

Stay vigilant

If I am downloading documents from UNESCO or other similar sites, then I always verify the origin of the document. If needed, I will give the mentioned parties a call. This call is just to verify if the document indeed are uploaded by them.

As I visit the websites (and others), I make sure that I have the anti-virus enabled, and that I continue to stay vigilant with the links that I am clicking on.

There must be a security company which feels the call to secure their sites right?!