The United Nations has revealed that it suffered a major hack last year. According to The New Humanitarian and Associated Press, the organization was the victim of a massive state-sponsored attack this past summer.

According to the reports, sometime around July of 2019, hackers exploited a vulnerability in Microsoft SharePoint and an unknown malware to gain access to dozens of servers at the UN’s Geneva and Vienna offices as well as the Office of the United Nations High Commissioner for Human Rights (OHCHR).

The attack resulted in a compromise of core infrastructure components. As the exact nature and scope of the incident could not be determined, [the UN] decided not to publicly disclose the breach.

– Spokesperson for the UN

Jake Williams, a former hacker for the US government told Associated Press that “the intrusion definitely looks like espionage.” An unnamed source at the UN told the Associated Press that “it’s as if someone were walking in the sand, and swept up their tracks with a broom afterward. There’s not even a trace of a clean-up.” The hackers downloaded over 400 GB of data from the servers and covered their tracks. The UN noted that they don’t know the extent of the damage as well as what information hackers were able to download. The good news (unless you’re a UN employee) is the servers just had the employee information. Following up on that, the UN has asked all its employees to reset their passwords but refused to dive into the details.

This is not the first time that the UN has covered up a data breach. Back in 2016, Emissary Panda, a group with ties to the Chinese government accessed servers from the International Civil Aviation Organization. The UN reported the breach only after the CBC reported on it. Apparently, the UN’s unique status means the body is not required to disclose data breaches.

Unfortunately, state-sponsored cyberattacks are becoming more and more common as countries are taking wars online. Just last week we reported how Saudi’s Crown Price hacked Amazon CEO Jeff Bezos’s cellphone and syphoned data.

Comments