A new report has surfaced online revealing striking details of a cyber attack targeting the United Nations. Through this report, researchers have found that the United Nations was hacked last year, allegedly exposing huge volumes of data to the attackers.
United Nations Hacked
According to a report from The New Humanitarian (TNH) and seen by the Associated Press (AP), the UN suffered a cyberattack. Specifically, the perpetrators hacked the United Nations servers last year pilfering sensitive data. What’s odd here is that the UN didn’t disclose the breach.
According to TNH, the report that remained hidden until recently reveals that the attack occurred in mid-July 2019. The attackers compromised dozens of UN servers located in Europe, primarily affecting three offices. These include the UN Office at Geneva, UN Office at Vienna, and the UN Office of the High Commissioner for Human Rights (OHCHR) headquarters in Geneva.
The major effect of the attack happened at the Geneva Office affecting 33 servers. Whereas, the incident affected 3 servers at the OHCR Geneva, and 4 at the UN Office in Vienna.
Consequently, the breached servers allowed the attackers to pilfer staff details, health insurance, and other data. As stated by TNH,
The report seen by TNH implies that internal documents, databases, emails, commercial information, and personal data may have been available to the intruders – sensitive data that could have far-reaching repercussions for staff, individuals, and organisations communicating with and doing business with the UN.
Apart from being a serious cybersecurity breach, what worsened the problem was the concealing of the matter from the personnel. According to the President UN Staff Council, Ian Richards, based in Geneva,
Staff at large, including me, were not informed. All we received was an email (on Sept. 26) informing us about infrastructure maintenance work.
The UN spokesperson Stéphane Dujarric told TNH,
The attack resulted in a compromise of core infrastructure components. As the exact nature and scope of the incident could not be determined, [the UN offices in Geneva and Vienna] decided not to publicly disclose the breach.
Possible State-backed Espionage
The scope of the attack, according to what the senior UN IT official told TNH, was far larger than what the UN implied.
Regarding the attackers, a UN official told AP, that they were smart enough to remove all traces.
It’s as if someone were walking in the sand, and swept up their tracks with a broom afterward. There’s not even a trace of a clean-up.
More specifically, the attackers cleared all logs via domain administrator-level accounts that already possess master access to all accounts.
The report says that the perpetrators potentially exploited a vulnerability in Microsoft Sharepoint to access the network. However, the malware used in this attack remains unidentified. Moreover, the technicians could also not determine the mechanism by which the attackers infiltrated and existed on the network.
According to Jake Williams, CEO Rendition Infosec, a cybersecurity firm, this may be state-backed espionage.
This, coupled with the relatively small number of infected machines, is highly suggestive of espionage. The attackers have a goal in mind and are deploying malware to machines that they believe serve some purpose for them.
For now, it seems that the UN continues to downplay the incident. Whereas, the leaked confidential report and the analyses of cybersecurity experts of the report, hints otherwise.
Let’s see how this unrolls further.