Leaked Report: The United Nations Was Hacked

Last year in July 2019 hackers invaded UN’s computer network in Geneva and Vienna in a spying operation that the UN was silent about at the time. Now an internal document has been leaked to New Humanitarian journalists and has also been seen by The Associated Press. 

Dozens of servers were hacked into including the UN Human Rights Office which collects data on human rights abuses by governments. 

Asked about the intrusion, one UN official told the Associated Press that this was a sophisticated  hack with the extent of damage unclear, especially in terms of personal, secret or compromising information that may have been stolen. A UN official, who spoke only on condition of anonymity to speak freely about the episode, said systems have since been reinforced. Given the high skill level, it is possible a state-backed actor was behind it, the official said. “It’s as if someone were walking in the sand, and swept up their tracks with a broom afterward,” the official added. “There’s not even a trace of a clean-up.”

The internal document from the UN Office of Information and Technology said 42 servers were “compromised” and another 25 were deemed “suspicious,” nearly all at the sprawling Geneva and Vienna offices. 

Three of the “compromised” servers belonged to the Human Rights agency, which is located across town from the main UN office in Geneva, and two were used by the UN Economic Commission for Europe. A senior official called the attack a ‘major meltdown’.

The report says a flaw in Microsoft’s SharePoint software was exploited by the hackers to infiltrate the networks. However what type of malware was used is not known, nor had technicians identified the command and control servers on the internet used to exfiltrate information. Nor was it known what mechanism was used by the hackers to maintain their presence on the infiltrated networks.

APNews:       New Humanitarian:

You Might Also Read:

United Nations  Investigating N Korean Cyber Attacks:

African Union HQ Building Bugged:

 

 

 

 

« Iowa Election App Vulnerable To Hackers
What Is The Fuss About 5G? »

Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perimeter 81

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and distributed workforce.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Pondurance

Pondurance

Pondurance is an IT Security and Compliance company providing services in Cyber Security, Continuity, Compliance and Threat Management.

NCC Group

NCC Group

NCC Group is a global expert in cyber security and risk mitigation, working with businesses to protect their brand, value and reputation against the ever-evolving threat landscape.

40Cloud

40Cloud

FortyCloud is a Cloud Security Broker providing an abstract security layer for cloud infrastructure deployments that is decoupled from the underlying cloud infrastructure.

Texplained

Texplained

Texplained specializes in security audits of microchips to identify vulnerabilities and protect against invasive cyber attacks.

SecurityScorecard

SecurityScorecard

SecurityScorecard provides the most accurate security ratings & continuous risk monitoring for vendor and third party risk management.

SBS CyberSecurity

SBS CyberSecurity

SBS CyberSecurity is a premier cybersecurity consulting and audit firm.

Cryptsoft

Cryptsoft

Cryptsoft provides key management and security software development toolkits based around open standards such as OASIS KMIP and PKCS#11.

SafeLogic

SafeLogic

SafeLogic provides strong encryption products for solutions in mobile, server, Cloud, appliance, wearable, and IoT environments that are pursuing compliance to strict regulatory requirements.

ISDefence

ISDefence

ISDefence is a cyber resilience consulting company - Detect/Deter, Protect, Respond, Recover.

Numisec

Numisec

Numisec is an Indonesian based security services provider. We offer a comprehensive portfolio of security technologies and consulting services in finance and telecommunications.

24By7Security

24By7Security

24By7Security are Cybersecurity & Compliance Specialists with extensive hands on experience helping businesses build a defensive IT Infrastructure against all cyber security threats.