Leaked Report: The United Nations Was Hacked

Last year in July 2019 hackers invaded UN’s computer network in Geneva and Vienna in a spying operation that the UN was silent about at the time. Now an internal document has been leaked to New Humanitarian journalists and has also been seen by The Associated Press. 

Dozens of servers were hacked into including the UN Human Rights Office which collects data on human rights abuses by governments. 

Asked about the intrusion, one UN official told the Associated Press that this was a sophisticated  hack with the extent of damage unclear, especially in terms of personal, secret or compromising information that may have been stolen. A UN official, who spoke only on condition of anonymity to speak freely about the episode, said systems have since been reinforced. Given the high skill level, it is possible a state-backed actor was behind it, the official said. “It’s as if someone were walking in the sand, and swept up their tracks with a broom afterward,” the official added. “There’s not even a trace of a clean-up.”

The internal document from the UN Office of Information and Technology said 42 servers were “compromised” and another 25 were deemed “suspicious,” nearly all at the sprawling Geneva and Vienna offices. 

Three of the “compromised” servers belonged to the Human Rights agency, which is located across town from the main UN office in Geneva, and two were used by the UN Economic Commission for Europe. A senior official called the attack a ‘major meltdown’.

The report says a flaw in Microsoft’s SharePoint software was exploited by the hackers to infiltrate the networks. However what type of malware was used is not known, nor had technicians identified the command and control servers on the internet used to exfiltrate information. Nor was it known what mechanism was used by the hackers to maintain their presence on the infiltrated networks.

APNews:       New Humanitarian:

You Might Also Read:

United Nations  Investigating N Korean Cyber Attacks:

African Union HQ Building Bugged:

 

 

 

 

« Iowa Election App Vulnerable To Hackers
What Is The Fuss About 5G? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Paessler

Paessler

Paessler is a leading worldwide provider of network monitoring software.

HackCon Norway

HackCon Norway

HackCon is for the people who are interested in technology, psychology, IT and security, and who wants to improve their knowledge within these areas.

Quaynote Communications

Quaynote Communications

Quaynote Communications is a specialist conference and communications company focused primarily on the maritime, yachting, aviation and security industries.

Jobsora

Jobsora

Jobsora is an innovative job search platform in the UK and more than 35 other countries around the world. Sectors covered include IT and cybersecurity.

AXELOS

AXELOS

AXELOS develops best practice frameworks and methodologies used globally by professionals working primarily in IT management and cyber resilience.

Raonsecure

Raonsecure

Raonsecure is one of Korea’s leading ICT security software companies – providing a variety of PC and mobile security solutions to financial institutions, government, and enterprise.

River Loop Security

River Loop Security

River Loop Security specialize in solving complex cybersecurity challenges in the IoT and embedded devices space.

SurePassID

SurePassID

SurePassID is a provider of highly secure, highly extensible multi-factor authentication (MFA) solutions.

OWN

OWN

OWN (formerly SEKOIA) is a major French player in cybersecurity providing tailor-made, informed and adapted cyber support thanks to its DNA of passionate and committed experts.

Digitpol

Digitpol

Digitpol’s Cyber Crime Investigation experts investigate hacking incidents, ransomware, extortion and conduct security audits and IT upgrades.

Kalima Systems

Kalima Systems

Kalima’s mission is to securely collect, transport, store and share Industrial IoT (IIoT) trusted data in real time with devices, services and mobile workers.

Suridata

Suridata

Suridata’s SaaS Security platform enables organizations to secure the use of SaaS applications.

Xalient

Xalient

Xalient is an IT consulting and managed services business, specialising in modern, software-defined networking, security and communications technologies.

Vectra AI

Vectra AI

Vectra threat detection & response - see and stop threats across hybrid and multi-cloud enterprises.

443ID

443ID

443ID brings OSINT data to Identity Security professionals on any digital platform.

Crispmind

Crispmind

Crispmind creates innovative solutions to some of today’s most challenging technology problems.