The United Nations on Thursday confirmed that its computer networks were hit by a cyberattack earlier this year.
“We can confirm that unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021,” Stéphane Dujarric, spokesman for the UN Secretary-General, told Bloomberg. “The United Nations is frequently targeted by cyberattacks, including sustained campaigns. We can also confirm that further attacks have been detected and are being responded to, that are linked to the earlier breach.”
Threat actors stole a huge quantity of documents containing sensitive information that could be used in attacks aimed at agencies within the intergovernmental organization.
According to Bloomberg, the attackers used stolen credentials of a UN employee purchased off the dark web.
Researchers at cyber security firm Resecurity discovered that the entry point was the UN’s proprietary project management software, called Umoja. The attackers then gained a foothold in the target network and moved laterally, looking for sensitive data.
It seems that the Umoja account used in the attacks wasn’t protected with two-factor authentication because the security feature was made available only in July by the software vendor.
“Organizations like the UN are a high-value target for cyber-espionage activity,” explained Resecurity Chief Executive Officer Gene Yoo. “The actor conducted the intrusion with the goal of compromising large numbers of users within the UN network for further long-term intelligence gathering.”
The firm determined that the first access to the UN’s networks was on April 5, and the attackers remained active until August 7. The threat actors were likely involved in cyber espionage; in my humble opinion, the nature of the target and the absence of any extortion attempts suggest the involvement of a nation-state actor.
Resecurity, which discovered the attack, shared its findings with the UN earlier this year and helped the international organization to determine the extent of the security breach. The UN’s spokesman Dujarric declared that the organization’s security team had already detected the attack.
Initially, UN experts stated that no data was exfiltrated, but Resecurity’s team found evidence of a data breach.
The UN and other international agencies are privileged targets for cyber criminals and nation-state actors and unfortunately, it is quite easy to find login credentials belonging to their employees available for sale on the dark web.
In January 2020, an internal confidential report from the United Nations that was leaked to The New Humanitarian revealed that dozens of servers of the organization were “compromised” at offices in Geneva and Vienna.
One of the offices hit by a sophisticated cyber attack was the U.N. human rights office, where the hackers were able to compromise Active Directory and access a staff list and details like e-mail addresses. According to the report, attackers did not access passwords.
(SecurityAffairs – hacking, United Nations)