Leaked Report: The United Nations Was Hacked

Last year in July 2019 hackers invaded UN’s computer network in Geneva and Vienna in a spying operation that the UN was silent about at the time. Now an internal document has been leaked to New Humanitarian journalists and has also been seen by The Associated Press. 

Dozens of servers were hacked into including the UN Human Rights Office which collects data on human rights abuses by governments. 

Asked about the intrusion, one UN official told the Associated Press that this was a sophisticated  hack with the extent of damage unclear, especially in terms of personal, secret or compromising information that may have been stolen. A UN official, who spoke only on condition of anonymity to speak freely about the episode, said systems have since been reinforced. Given the high skill level, it is possible a state-backed actor was behind it, the official said. “It’s as if someone were walking in the sand, and swept up their tracks with a broom afterward,” the official added. “There’s not even a trace of a clean-up.”

The internal document from the UN Office of Information and Technology said 42 servers were “compromised” and another 25 were deemed “suspicious,” nearly all at the sprawling Geneva and Vienna offices. 

Three of the “compromised” servers belonged to the Human Rights agency, which is located across town from the main UN office in Geneva, and two were used by the UN Economic Commission for Europe. A senior official called the attack a ‘major meltdown’.

The report says a flaw in Microsoft’s SharePoint software was exploited by the hackers to infiltrate the networks. However what type of malware was used is not known, nor had technicians identified the command and control servers on the internet used to exfiltrate information. Nor was it known what mechanism was used by the hackers to maintain their presence on the infiltrated networks.

APNews:       New Humanitarian:

You Might Also Read:

United Nations  Investigating N Korean Cyber Attacks:

African Union HQ Building Bugged:

 

 

 

 

« Iowa Election App Vulnerable To Hackers
What Is The Fuss About 5G? »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

The Networking People (TNP)

The Networking People (TNP)

TNP supplies independent advice allowing large organisations to design, build and operate their own networks independently of the established telecoms companies.

Energy Sec

Energy Sec

EnergySec is a United States 501(c)(3) non-profit corporation formed to support energy sector organizations with the security of their critical technology infrastructures.

CROW - University of Waikato

CROW - University of Waikato

CROW is the first cyber security lab established in a New Zealand educational institution at the University of Waikato.

ManagedMethods

ManagedMethods

ManageMethods Cloud Access Monitor is the only Cloud Access Security Broker (CASB) that can be deployed in minutes, with no special training, and with no impact on users or networks.

Virgil Security

Virgil Security

Virgil Security provides easy-to-deploy and easy-to-use cryptographic software and services for use by developers and end-users.

Titanium Industrial Security

Titanium Industrial Security

Titanium Industrial Security specializes in advising and accompanying companies on cybersecurity in Connected Industry (Industry 4.0 / Smart Factory / IIoT).

SenseOn

SenseOn

SenseOn’s multiple threat-detection senses work together to detect malicious activity across an organisation’s entire digital estate, covering the gaps that single point solutions create.

Secure Recruitment

Secure Recruitment

Secure Recruitment is a specialist Executive Search business that focuses its efforts on attracting specific exceptional talent in Cyber Security.

Kleiner Perkins

Kleiner Perkins

For five decades, Kleiner Perkins has made history by partnering with some of the most ingenious and forward-thinking founders in technology and life sciences.

Greenberg Traurig (GT)

Greenberg Traurig (GT)

Greenberg Traurig, LLP (GT) is a global law firm with offices in 40 locations in the United States, Latin America, Europe, Asia, and the Middle East.

ArmorCode

ArmorCode

ArmorCode's intelligent application security platform gives us unified visibility into AppSec postures and automates complex DevSecOps workflows.

HEAL Security

HEAL Security

HEAL Security is the global authority for cybersecurity data, research and insights across the healthcare sector.

Nuke From Orbit

Nuke From Orbit

Nuke's mission is to put you back in control of your digital identity when your smartphone gets stolen.

Telenor Cyberdefence

Telenor Cyberdefence

Telenor Cyberdefence is a newly established (2024) cloud-born Managed Security Service Provider focused on the Nordic markets.

AUCyber

AUCyber

AUCyber is a leading provider of managed cyber security solutions and consultancy services, specialising in supporting Australian organisations and Government agencies.

Stratsec

Stratsec

Stratsec is a global team of experts on a mission to protect human life, well-being and the environment against cyber-driven threats.