UN data breach (2021): Difference between revisions

From International cyber law: interactive toolkit
Jump to navigation Jump to search
(Uploaded new example)
 
No edit summary
 
Line 1: Line 1:
 
{| class="wikitable"
 
{| class="wikitable"
 
! scope="row"|Date
 
! scope="row"|Date
|The first reported access to the United Nations’ system was on 5 April 2021.<ref>William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021)</ref> The attackers were allegedly still active on the network up to 7 August 2021.<ref>William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021)</ref>
+
|The first reported access to the United Nations’ system was on 5 April 2021.<ref name=":0">William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021)</ref> The attackers were allegedly still active on the network up to 7 August 2021.<ref name=":0" />
 
|-
 
|-
 
! scope="row"|Suspected actor
 
! scope="row"|Suspected actor
|The identity of the hackers has not been yet determined.<ref>William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021)</ref> It is unclear whether it could have been a criminal group or if the actors were state-related.<ref>Pierluigi Paganini, [https://securityaffairs.co/wordpress/122064/data-breach/united-nations-data-breach.html The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg], Security Affairs (10 September 2021)</ref>
+
|The identity of the hackers has not been yet determined.<ref name=":0" /> It is unclear whether it could have been a criminal group or if the actors were state-related.<ref name=":1">Pierluigi Paganini, [https://securityaffairs.co/wordpress/122064/data-breach/united-nations-data-breach.html The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg], Security Affairs (10 September 2021)</ref>
 
|-
 
|-
 
! scope="row"|Target
 
! scope="row"|Target
  +
|United Nations’ computer network infrastructure.<ref name=":0" />
|United Nations’ computer network infrastructure.<ref>William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021)</ref>
 
 
|-
 
|-
 
! scope="row"|Target systems
 
! scope="row"|Target systems
|According to several sources, including the cybersecurity firm that alerted the UN of the breach,<ref>William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021)</ref> the hackers targeted the ''Umoja'' system, i.e. the United Nations’ “proprietary project management software”,<ref>Hamza Shaban, [https://www.washingtonpost.com/business/2021/09/09/united-nations-hackers/ Hackers breached U.N. computer networks earlier this year], The Washington Post (9 September 2021); William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021); Pierluigi Paganini, [https://securityaffairs.co/wordpress/122064/data-breach/united-nations-data-breach.html The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg], Security Affairs (10 September 2021); among others.</ref> and from there gained more extensive access to the UN’s network.<ref>William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021). See also: Scott Ikeda, [https://www.cpomagazine.com/cyber-security/united-nations-data-breach-hackers-obtained-employee-login-from-dark-web-are-executing-ongoing-attacks-on-un-agencies/ United Nations Data Breach: Hackers Obtained Employee Login From Dark Web, Are Executing Ongoing Attacks on UN Agencies], CPO Magazine (16 September 2021)</ref>
+
|According to several sources, including the cybersecurity firm that alerted the UN of the breach,<ref name=":0" /> the hackers targeted the ''Umoja'' system, i.e. the United Nations’ “proprietary project management software”,<ref name=":2">Hamza Shaban, [https://www.washingtonpost.com/business/2021/09/09/united-nations-hackers/ Hackers breached U.N. computer networks earlier this year], The Washington Post (9 September 2021)</ref> <ref name=":0" /> <ref name=":1" />and from there gained more extensive access to the UN’s network.<ref name=":3">Scott Ikeda, [https://www.cpomagazine.com/cyber-security/united-nations-data-breach-hackers-obtained-employee-login-from-dark-web-are-executing-ongoing-attacks-on-un-agencies/ United Nations Data Breach: Hackers Obtained Employee Login From Dark Web, Are Executing Ongoing Attacks on UN Agencies], CPO Magazine (16 September 2021)</ref><ref name=":0" />
 
|-
 
|-
 
! scope="row"|Method
 
! scope="row"|Method
|The suspected method of access to the management software was through UN employees’ accounts using stolen credentials – username and password –, acquired on the dark web.<ref>William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021)</ref> According to Bloomberg News, the same credentials were still sold by different users by 5 July 2021.<ref>William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021)</ref> The ''Umoja'' system accounts were allegedly not protected by a two-factor authentication feature, a standard security practice,<ref>Hamza Shaban, [https://www.washingtonpost.com/business/2021/09/09/united-nations-hackers/ Hackers breached U.N. computer networks earlier this year], The Washington Post (9 September 2021)</ref> until July 2021.<ref>Pierluigi Paganini, [https://securityaffairs.co/wordpress/122064/data-breach/united-nations-data-breach.html The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg], Security Affairs (10 September 2021)</ref>
+
|The suspected method of access to the management software was through UN employees’ accounts using stolen credentials – username and password –, acquired on the dark web. <ref name=":0" />According to Bloomberg News, the same credentials were still sold by different users by 5 July 2021. <ref name=":0" />The ''Umoja'' system accounts were allegedly not protected by a two-factor authentication feature, a standard security practice,<ref name=":2" /> until July 2021.<ref name=":1" />
 
|-
 
|-
 
! scope="row"|Purpose
 
! scope="row"|Purpose
|The purpose behind the incident has not been clarified. There was reportedly no damage or sabotage to the computer networks.<ref>Sarah Coble, [https://www.infosecurity-magazine.com/news/hackers-steal-data-from-united/ Hackers Steal Data from United Nations], InfoSecurity (9 September 2021)</ref> The attack allegedly aimed at performing “network intrusion”<ref>Hamza Shaban, [https://www.washingtonpost.com/business/2021/09/09/united-nations-hackers/ Hackers breached U.N. computer networks earlier this year], The Washington Post (9 September 2021)</ref> and “compromising large numbers of users within the UN network for further long-term intelligence gathering”,<ref>William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021)</ref> monitor and collection of specific data.<ref>Hamza Shaban, [https://www.washingtonpost.com/business/2021/09/09/united-nations-hackers/ Hackers breached U.N. computer networks earlier this year], The Washington Post (9 September 2021)</ref>
+
|The purpose behind the incident has not been clarified. There was reportedly no damage or sabotage to the computer networks.<ref>Sarah Coble, [https://www.infosecurity-magazine.com/news/hackers-steal-data-from-united/ Hackers Steal Data from United Nations], InfoSecurity (9 September 2021)</ref> The attack allegedly aimed at performing “network intrusion” <ref name=":2" />and “compromising large numbers of users within the UN network for further long-term intelligence gathering”, <ref name=":0" />monitor and collection of specific data.<ref name=":2" />
 
|-
 
|-
 
! scope="row"|Result
 
! scope="row"|Result
|The cybersecurity company Resecurity informed the UN of the breach early in 2021. The UN stated on 9 September 2021 that the attack had been detected before said notification and that corrective actions had been and were being implemented.<ref>Stéphane Dujarric, [https://www.un.org/sg/en/node/258956 Note to Correspondents: In response to questions about a reported cyberattack], UN Spokesman for the Secretary-General (9 September 2021)</ref>
+
|The cybersecurity company Resecurity informed the UN of the breach early in 2021. The UN stated on 9 September 2021 that the attack had been detected before said notification and that corrective actions had been and were being implemented.<ref name=":4">Stéphane Dujarric, [https://www.un.org/sg/en/node/258956 Note to Correspondents: In response to questions about a reported cyberattack], UN Spokesman for the Secretary-General (9 September 2021)</ref>
 
 
  +
There was no reported damage to the system.<ref name=":3" /><ref name=":0" />According to Resecurity, the UN informed that the incident “was limited to reconnaissance, and that the hackers had only taken screenshots while inside the network”, <ref name=":0" /><ref name=":3" />while no data was exfiltrated.<ref name=":1" />For its part, the company affirmed that on the latest breach the attackers compromised at least 53 UN accounts<ref name=":0" /> and that there was proof of data breach of UN computer system,<ref name=":0" /> including the theft of documents with sensitive information.<ref name=":1" />
There was no reported damage to the system.<ref>William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021); Scott Ikeda, [https://www.cpomagazine.com/cyber-security/united-nations-data-breach-hackers-obtained-employee-login-from-dark-web-are-executing-ongoing-attacks-on-un-agencies/ United Nations Data Breach: Hackers Obtained Employee Login From Dark Web, Are Executing Ongoing Attacks on UN Agencies], CPO Magazine (16 September 2021)</ref> According to Resecurity, the UN informed that the incident “was limited to reconnaissance, and that the hackers had only taken screenshots while inside the network”,<ref>William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021); Scott Ikeda, [https://www.cpomagazine.com/cyber-security/united-nations-data-breach-hackers-obtained-employee-login-from-dark-web-are-executing-ongoing-attacks-on-un-agencies/ United Nations Data Breach: Hackers Obtained Employee Login From Dark Web, Are Executing Ongoing Attacks on UN Agencies], CPO Magazine, (16 September 2021)</ref> while no data was exfiltrated.<ref>Pierluigi Paganini, [https://securityaffairs.co/wordpress/122064/data-breach/united-nations-data-breach.html The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg], Security Affairs (10 September 2021)</ref> For its part, the company affirmed that on the latest breach the attackers compromised at least 53 UN accounts<ref>William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021)</ref> and that there was proof of data breach of UN computer system,<ref>William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021)</ref> including the theft of documents with sensitive information.<ref>Pierluigi Paganini, [https://securityaffairs.co/wordpress/122064/data-breach/united-nations-data-breach.html The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg], Security Affairs (10 September 2021)</ref>
 
 
|-
 
|-
 
! scope="row"|Aftermath
 
! scope="row"|Aftermath
|The UN confirmed that the organization is frequently targeted by cyberattacks and that further attacks linked with the initial breach were detected.<ref>Stéphane Dujarric, [https://www.un.org/sg/en/node/258956 Note to Correspondents: In response to questions about a reported cyberattack], UN Spokesman for the Secretary-General (9 September 2021)</ref>
+
|The UN confirmed that the organization is frequently targeted by cyberattacks and that further attacks linked with the initial breach were detected.<ref name=":4" />
According to analysts, both the reconnaissance and the information stolen may be used to support future attacks against the UN or its agencies.<ref>William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021); Hamza Shaban, [https://www.washingtonpost.com/business/2021/09/09/united-nations-hackers/ Hackers breached U.N. computer networks earlier this year], The Washington Post (9 September 2021)</ref>
+
According to analysts, both the reconnaissance and the information stolen may be used to support future attacks against the UN or its agencies.<ref name=":0" /><ref name=":2" />
 
 
The ''Umoja'' system announced in July 2021 that it “migrated to Microsoft Corp.’s Azure, which provides multifactor authentication”<ref>William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021)</ref> providing enhanced security against breaches.
+
The ''Umoja'' system announced in July 2021 that it “migrated to Microsoft Corp.’s Azure, which provides multifactor authentication”<ref name=":0" /> providing enhanced security against breaches.
 
|-
 
|-
 
! scope="row"|Analysed in
 
! scope="row"|Analysed in

Latest revision as of 11:45, 6 May 2022

Date The first reported access to the United Nations’ system was on 5 April 2021.[1] The attackers were allegedly still active on the network up to 7 August 2021.[1]
Suspected actor The identity of the hackers has not been yet determined.[1] It is unclear whether it could have been a criminal group or if the actors were state-related.[2]
Target United Nations’ computer network infrastructure.[1]
Target systems According to several sources, including the cybersecurity firm that alerted the UN of the breach,[1] the hackers targeted the Umoja system, i.e. the United Nations’ “proprietary project management software”,[3] [1] [2]and from there gained more extensive access to the UN’s network.[4][1]
Method The suspected method of access to the management software was through UN employees’ accounts using stolen credentials – username and password –, acquired on the dark web. [1]According to Bloomberg News, the same credentials were still sold by different users by 5 July 2021. [1]The Umoja system accounts were allegedly not protected by a two-factor authentication feature, a standard security practice,[3] until July 2021.[2]
Purpose The purpose behind the incident has not been clarified. There was reportedly no damage or sabotage to the computer networks.[5] The attack allegedly aimed at performing “network intrusion” [3]and “compromising large numbers of users within the UN network for further long-term intelligence gathering”, [1]monitor and collection of specific data.[3]
Result The cybersecurity company Resecurity informed the UN of the breach early in 2021. The UN stated on 9 September 2021 that the attack had been detected before said notification and that corrective actions had been and were being implemented.[6]

There was no reported damage to the system.[4][1]According to Resecurity, the UN informed that the incident “was limited to reconnaissance, and that the hackers had only taken screenshots while inside the network”, [1][4]while no data was exfiltrated.[2]For its part, the company affirmed that on the latest breach the attackers compromised at least 53 UN accounts[1] and that there was proof of data breach of UN computer system,[1] including the theft of documents with sensitive information.[2]

Aftermath The UN confirmed that the organization is frequently targeted by cyberattacks and that further attacks linked with the initial breach were detected.[6]

According to analysts, both the reconnaissance and the information stolen may be used to support future attacks against the UN or its agencies.[1][3]

The Umoja system announced in July 2021 that it “migrated to Microsoft Corp.’s Azure, which provides multifactor authentication”[1] providing enhanced security against breaches.

Analysed in Although no scenario addresses this exact set of circumstances, relevant scenarios include:

Scenario 02: Cyber espionage against government departments
Scenario 04: A State’s failure to assist an international organization
Scenario 12: Cyber operations against computer data

Collected by: Dominique Steinbrecher

  1. 1.00 1.01 1.02 1.03 1.04 1.05 1.06 1.07 1.08 1.09 1.10 1.11 1.12 1.13 1.14 1.15 William Turton and Kartikay Mehrotra, UN Computer Networks Breached by Hackers Earlier This Year, Bloomberg (9 September 2021)
  2. 2.0 2.1 2.2 2.3 2.4 Pierluigi Paganini, The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg, Security Affairs (10 September 2021)
  3. 3.0 3.1 3.2 3.3 3.4 Hamza Shaban, Hackers breached U.N. computer networks earlier this year, The Washington Post (9 September 2021)
  4. 4.0 4.1 4.2 Scott Ikeda, United Nations Data Breach: Hackers Obtained Employee Login From Dark Web, Are Executing Ongoing Attacks on UN Agencies, CPO Magazine (16 September 2021)
  5. Sarah Coble, Hackers Steal Data from United Nations, InfoSecurity (9 September 2021)
  6. 6.0 6.1 Stéphane Dujarric, Note to Correspondents: In response to questions about a reported cyberattack, UN Spokesman for the Secretary-General (9 September 2021)