The United Nations failed to disclose a successful cyber attack targeting its computer networks in Vienna and Geneva that resulted in hackers accessing staff records, data on commercial contracts, as well as health insurance records.
The cyber attack began in mid-July last year and according to The New Humanitarian who learned about the breach in November, hackers compromised "dozens of U.N. servers", breached several administrative accounts, and accessed data stored in systems belonging to human rights offices and the human resources department.
The affected servers belonged to the Office of the High Commissioner for Human Rights and the U.N. Economic Commission for Europe.
It was on 30th August that the United Nations' IT team at its Geneva offices issued an internal alert about a successful cyber attack. "We are working under the assumption that the entire domain is compromised. The attacker doesn't show signs of activity so far, we assume they established their position and are dormant," the alert read.
Only the Chiefs at Vienna and Geneva & internal IT teams knew about the breach
When contacted by The New Humanitarian, a U.N. spokesperson admitted that the breach took place and that the United Nations consciously decided not to disclose it to the public even though the attack compromised "core infrastructure components".
"The attack resulted in a compromise of core infrastructure components. As the exact nature and scope of the incident could not be determined, [the U.N. offices in Geneva and Vienna] decided not to publicly disclose the breach," the spokesperson said. TNH learned that the affected core infrastructure included "systems for user and password management, system controls, and security firewalls."
The U.N. spokesperson added that only the chiefs of the U.N. offices in Geneva and Vienna and their internal IT teams were kept in the loop about the major breach and that affected IT assets included printing, antivirus, and HR systems. He added that hackers who carried out the attack were able to "view data on the compromised server".
An unnamed U.N. official also told The Associated Press that looking at the skill level of the hackers, it is possible to assume that the attack was state-sponsored. "It’s as if someone were walking in the sand, and swept up their tracks with a broom afterward. There’s not even a trace of a clean-up," the official said.
Cyber attack targeting the United Nations could have been state-sponsored
Commenting on the cyber attack targeting U.N. servers in July last year, Carl Wearn, Head of E-Crime at Mimecast, told TEISS that it is "highly likely that this attack was carried out by a well-financed organised criminal or state-affiliated group, due to the lengths taken to hide the intrusion."
"I would expect the UN to be targeted by a wide range of threat actors on a routine basis in any case, and to have substantial security in place to mitigate that risk, and so this news should come as a shock to all of us. As no “ransom” or other related demand has yet been made this likely indicates a specific espionage or politically related intention to the intrusion," he added.
"With the focus of today’s headlines on the United Nations, it appears the international entity has been targeted with malware that was potentially leveled through an application vulnerability in MS SharePoint. For years, these app vulnerability attacks have successfully disrupted operations and leaked sensitive information," opined Craig Hinkley, CEO of WhiteHat Security.
"These attacks have the potential to cause serious havoc to systems around the world, often targeting critical infrastructure like power grids and industrial control systems, as well as government agencies," he added.
Source: The New Humanitarian