Leaked Report: The United Nations Was Hacked

Uploaded on 2020-02-06 in TECHNOLOGY--Hackers, INTELLIGENCE--International, FREE TO VIEW

Last year in July 2019 hackers invaded UN’s computer network in Geneva and Vienna in a spying operation that the UN was silent about at the time. Now an internal document has been leaked to New Humanitarian journalists and has also been seen by The Associated Press. 

Dozens of servers were hacked into including the UN Human Rights Office which collects data on human rights abuses by governments. 

Asked about the intrusion, one UN official told the Associated Press that this was a sophisticated  hack with the extent of damage unclear, especially in terms of personal, secret or compromising information that may have been stolen. A UN official, who spoke only on condition of anonymity to speak freely about the episode, said systems have since been reinforced. Given the high skill level, it is possible a state-backed actor was behind it, the official said. “It’s as if someone were walking in the sand, and swept up their tracks with a broom afterward,” the official added. “There’s not even a trace of a clean-up.”

The internal document from the UN Office of Information and Technology said 42 servers were “compromised” and another 25 were deemed “suspicious,” nearly all at the sprawling Geneva and Vienna offices. 

Three of the “compromised” servers belonged to the Human Rights agency, which is located across town from the main UN office in Geneva, and two were used by the UN Economic Commission for Europe. A senior official called the attack a ‘major meltdown’.

The report says a flaw in Microsoft’s SharePoint software was exploited by the hackers to infiltrate the networks. However what type of malware was used is not known, nor had technicians identified the command and control servers on the internet used to exfiltrate information. Nor was it known what mechanism was used by the hackers to maintain their presence on the infiltrated networks.

APNews:       New Humanitarian:

You Might Also Read:

United Nations  Investigating N Korean Cyber Attacks:

African Union HQ Building Bugged:

 

 

 

 

« Iowa Election App Vulnerable To Hackers
What Is The Fuss About 5G? »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Pluralsight

Pluralsight

Pluralsight helps enterprises build technology skills at scale with expert-authored courses on today’s most important technologies including information and cyber security.

Ezenta

Ezenta

Ezenta is a Danish IT security consulting firm.

Cybercrime Investigation & Coordinating Center (CICC) - Philippines

Cybercrime Investigation & Coordinating Center (CICC) - Philippines

The Cybercrime Investigation and Coordinating Center (CICC) is an attached agency of the Philippines Department of Information and Communications Technology (DICT).

Gita Technologies

Gita Technologies

Gita Technologies works to create integrated solutions to the thorniest problems in the field of intelligence and cyber today.

Barbara IoT

Barbara IoT

Barbara is an industrial device platform specifically designed for IoT deployments.

Sky Data Vault

Sky Data Vault

Sky Data Vault provide the simplest and most cost effective method of Disaster Recovery / Business Continuity for mission critical systems and applications.

DivvyCloud

DivvyCloud

DivvyCloud protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges.

Inspira Enterprise

Inspira Enterprise

Inspira Enterprise is a leading digital transformation company with expertise in Cyber Security, Internet of Things (IOT), Blockchain, Big Data & Analytics, Intelligent Automation and Cloud Computing.

Mjenzi Cloud

Mjenzi Cloud

Mjenzi Cloud is a provider of cloud IaaS solutions including managed backup services, affordable & secure cloud virtual compute/storage/compute services, bare-metal services and cloud security.

Sekuro

Sekuro

Sekuro is your leading governance and cyber security partner. Building organisational resilience. Enabling fearless innovation.

Raito

Raito

Raito's unique solution integrates with the data development process and lets data teams monitor, manage, and automate data security across the data stack.

Umbrella Cyber

Umbrella Cyber

Umbrella Cyber specialises in Cyber Essentials and Cyber Essentials Plus Certification and penetration testing.

Aurascape AI

Aurascape AI

Aurascape is working on advanced cybersecurity solutions powered by grounds-up generative AI architecture.

RAH Infotech

RAH Infotech

RAH Infotech is India’s leading value added distributor and solutions provider in the Network and Security domain. We are specialists in Enterprise and App Security and Application Delivery.

Secure Domains

Secure Domains

Secure Domains is the first company in the GCC to offer cloud-based DNS firewall services and security through its flagship SaaS product, DNS Armor.

BeckTek

BeckTek

BeckTek specialize in IT Cyber Security & Support, helping clients run their businesses faster, easier and more profitably.