Hack compromised 20 admin accounts and malware was implanted on 40 servers, but the UN opted to cover up the cybersecurity attack
The United Nations was apparently hacked in 2019 but chose to cover up the cybersecurity incident.
This is the claim after an investigation by The New Humanitarian (NH), after it allegedly came across a confidential report about the UN Networks and databases which had been severely compromised last year.
As a world body, the UN aims to set standards and rules globally. A couple of weeks ago for example, UN sanctions experts issued a stark warning to people wishing to attend a cryptocurrency conference in North Korea in February.
But according to the NH, the United Nations knew about a hack of its IT systems last year but chose not to disclose the matter.
“The UN did not publicly disclose a major hacking attack into its IT systems in Europe – a decision that potentially put staff, other organisations, and individuals at risk, according to data protection advocates,” said the NH report.
“On 30 August 2019, IT officials working at the UN’s Geneva offices issued an alert to their tech teams about a hacking incident,” said NH. “The complex cyber attack on UN networks in Geneva and Vienna had started more than a month earlier but was only just being fully uncovered.”
It alleged that dozens of UN servers – including systems at its human rights offices, as well as its human resources department – were compromised and some administrator accounts breached.
The breach is one of the largest ever known to have affected the world body, it reported.
The cyber attack started in mid-July, according to the report. The incident amounted to a “major meltdown”, according to a senior UN IT official familiar with the fallout, who spoke to NH on condition of anonymity.
When NH asked the UN to comment, it confirmed it had kept the breach quiet.
“The attack resulted in a compromise of core infrastructure components,” UN spokesperson Stéphane Dujarric was quoted as saying. The attack was classified as “serious”. “As the exact nature and scope of the incident could not be determined, [the UN offices in Geneva and Vienna] decided not to publicly disclose the breach,” Dujarric reportedly said.
Staff were apparently asked to change their passwords, but were not told of the large breach or that some of their personal data may have been compromised.
The attackers were apparently able to exploit a Microsoft SharePoint vulnerability, and besides 20 administrative accounts being compromised, it was found that malware had been implanted on 40 servers.
The fact that the UN chose to cover up the attack was questioned by security experts.
“I believe no one should be covering up attacks in any way, shape or form,” said Jake Moore, cybersecurity expert at ESET. “We have learnt that being open and honest about cyberattacks can in fact help the brands and organisations in the wake of these hacks and help build stronger defences going forward.”
“Owning up to a data breach or vulnerability usually brings the cyber security industry together, and can provide help and support,” said Moore. “It also helps other organisations who may be at risk with similar vulnerabilities. Although it is yet to be seen how this attack was carried out, there is a lot to be learnt within the industry about reporting breaches, and hopefully over the next few years we will start to see a more honest approach.”
Do you know all about security? Try our quiz!