Hackers breached the United Nations’ computer networks earlier this year and made off with a trove of data that could be used to target agencies within the intergovernmental organization.
Stéphane Dujarric, spokesman for the UN Secretary-General, stated that:
“We can confirm that unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021”
“The United Nations is frequently targeted by cyberattacks, including sustained campaigns. We can also confirm that further attacks have been detected and are being responded to, that are linked to the earlier breach.”
The hackers’ method for gaining access to the UN network appears to be unsophisticated: They likely got in using the stolen username and password of a UN employee purchased off the dark web.
The credentials belonged to an account on the UN’s proprietary project management software, called Umoja. From there, the hackers were able to gain deeper access to the UN’s network, according to cybersecurity firm Resecurity, which discovered the breach. The earliest known date the hackers obtained access to the UN’s systems was April 5, and they were still active on the network as of Aug. 7.
According to Resecurity, company officials informed the UN of its latest breach earlier this year and worked with organization’s security team to identify the scope of the attack. The UN’s Dujarric said the international organization had already detected the attack.
UN officials informed Resecurity that the hack was limited to reconnaissance, and that the hackers had only taken screenshots while inside the network, according to Resecurity. When Resecurity’s Yoo provided proof to the UN of stolen data, the UN stopped corresponding with the company, he said.
The Umoja account used by the hackers wasn’t enabled with two-factor authentication, a basic security feature. According to an announcement on Umoja’s website in July, the system migrated to Microsoft Azure, which provides multifactor authentication. That move “reduces the risk of cybersecurity breaches,” an announcement on Umoja’s site read.
In the latest breach, hackers sought to map out more information about how the UN’s computer networks are built, and to compromise the accounts of 53 UN accounts, Resecurity said.
The reconnaissance carried out by the hackers may enable them to conduct future hacks or to sell the information to other groups that may seek to breach the UN.