UN data breach (2021): Difference between revisions
(Uploaded new example) |
No edit summary |
||
Line 1: | Line 1: | ||
{| class="wikitable" |
{| class="wikitable" |
||
! scope="row"|Date |
! scope="row"|Date |
||
|The first reported access to the United Nations’ system was on 5 April 2021.<ref>William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021)</ref> The attackers were allegedly still active on the network up to 7 August 2021.<ref |
|The first reported access to the United Nations’ system was on 5 April 2021.<ref name=":0">William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021)</ref> The attackers were allegedly still active on the network up to 7 August 2021.<ref name=":0" /> |
||
|- |
|- |
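Review bot: The reference name introduced on the new side of the Date row, `name=":0"`, is an auto-generated label that says nothing about the source it points to. Because this revision reuses it throughout the table, a descriptive name (for example `name="Bloomberg2021"`) would make later edits easier to check; the same applies to `:1` through `:4` in the rows below.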
||
! scope="row"|Suspected actor |
! scope="row"|Suspected actor |
||
|The identity of the hackers has not been yet determined.<ref |
|The identity of the hackers has not been yet determined.<ref name=":0" /> It is unclear whether it could have been a criminal group or if the actors were state-related.<ref name=":1">Pierluigi Paganini, [https://securityaffairs.co/wordpress/122064/data-breach/united-nations-data-breach.html The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg], Security Affairs (10 September 2021)</ref> |
||
|- |
|- |
||
! scope="row"|Target |
! scope="row"|Target |
||
|United Nations’ computer network infrastructure.<ref name=":0" /> |
|||
|United Nations’ computer network infrastructure.<ref>William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021)</ref> |
|||
|- |
|- |
||
! scope="row"|Target systems |
! scope="row"|Target systems |
||
|According to several sources, including the cybersecurity firm that alerted the UN of the breach,<ref |
|According to several sources, including the cybersecurity firm that alerted the UN of the breach,<ref name=":0" /> the hackers targeted the ''Umoja'' system, i.e. the United Nations’ “proprietary project management software”,<ref name=":2">Hamza Shaban, [https://www.washingtonpost.com/business/2021/09/09/united-nations-hackers/ Hackers breached U.N. computer networks earlier this year], The Washington Post (9 September 2021)</ref> <ref name=":0" /> <ref name=":1" />and from there gained more extensive access to the UN’s network.<ref name=":3">Scott Ikeda, [https://www.cpomagazine.com/cyber-security/united-nations-data-breach-hackers-obtained-employee-login-from-dark-web-are-executing-ongoing-attacks-on-un-agencies/ United Nations Data Breach: Hackers Obtained Employee Login From Dark Web, Are Executing Ongoing Attacks on UN Agencies], CPO Magazine (16 September 2021)</ref><ref name=":0" /> |
||
|- |
|- |
||
! scope="row"|Method |
! scope="row"|Method |
||
|The suspected method of access to the management software was through UN employees’ accounts using stolen credentials – username and password –, acquired on the dark web.<ref |
|The suspected method of access to the management software was through UN employees’ accounts using stolen credentials – username and password –, acquired on the dark web. <ref name=":0" />According to Bloomberg News, the same credentials were still sold by different users by 5 July 2021. <ref name=":0" />The ''Umoja'' system accounts were allegedly not protected by a two-factor authentication feature, a standard security practice,<ref name=":2" /> until July 2021.<ref name=":1" /> |
||
|- |
|- |
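Review bot: In the Method row the reused references sit with a space before the tag and none after it (`dark web. <ref name=":0" />According`), so the rendered text runs the citation marker straight into the next sentence. Place each `<ref>` directly after the punctuation it supports and put a space before the following sentence; the same pattern appears on the new side of the Target systems, Purpose and Result rows.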
||
! scope="row"|Purpose |
! scope="row"|Purpose |
||
|The purpose behind the incident has not been clarified. There was reportedly no damage or sabotage to the computer networks.<ref>Sarah Coble, [https://www.infosecurity-magazine.com/news/hackers-steal-data-from-united/ Hackers Steal Data from United Nations], InfoSecurity (9 September 2021)</ref> The attack allegedly aimed at performing “network intrusion”<ref |
|The purpose behind the incident has not been clarified. There was reportedly no damage or sabotage to the computer networks.<ref>Sarah Coble, [https://www.infosecurity-magazine.com/news/hackers-steal-data-from-united/ Hackers Steal Data from United Nations], InfoSecurity (9 September 2021)</ref> The attack allegedly aimed at performing “network intrusion” <ref name=":2" />and “compromising large numbers of users within the UN network for further long-term intelligence gathering”, <ref name=":0" />monitor and collection of specific data.<ref name=":2" /> |
||
|- |
|- |
||
! scope="row"|Result |
! scope="row"|Result |
||
|The cybersecurity company Resecurity informed the UN of the breach early in 2021. The UN stated on 9 September 2021 that the attack had been detected before said notification and that corrective actions had been and were being implemented.<ref>Stéphane Dujarric, [https://www.un.org/sg/en/node/258956 Note to Correspondents: In response to questions about a reported cyberattack], UN Spokesman for the Secretary-General (9 September 2021)</ref> |
|The cybersecurity company Resecurity informed the UN of the breach early in 2021. The UN stated on 9 September 2021 that the attack had been detected before said notification and that corrective actions had been and were being implemented.<ref name=":4">Stéphane Dujarric, [https://www.un.org/sg/en/node/258956 Note to Correspondents: In response to questions about a reported cyberattack], UN Spokesman for the Secretary-General (9 September 2021)</ref> |
||
There was no reported damage to the system.<ref name=":3" /><ref name=":0" />According to Resecurity, the UN informed that the incident “was limited to reconnaissance, and that the hackers had only taken screenshots while inside the network”, <ref name=":0" /><ref name=":3" />while no data was exfiltrated.<ref name=":1" />For its part, the company affirmed that on the latest breach the attackers compromised at least 53 UN accounts<ref name=":0" /> and that there was proof of data breach of UN computer system,<ref name=":0" /> including the theft of documents with sensitive information.<ref name=":1" /> |
|||
There was no reported damage to the system.<ref>William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021); Scott Ikeda, [https://www.cpomagazine.com/cyber-security/united-nations-data-breach-hackers-obtained-employee-login-from-dark-web-are-executing-ongoing-attacks-on-un-agencies/ United Nations Data Breach: Hackers Obtained Employee Login From Dark Web, Are Executing Ongoing Attacks on UN Agencies], CPO Magazine (16 September 2021)</ref> According to Resecurity, the UN informed that the incident “was limited to reconnaissance, and that the hackers had only taken screenshots while inside the network”,<ref>William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021); Scott Ikeda, [https://www.cpomagazine.com/cyber-security/united-nations-data-breach-hackers-obtained-employee-login-from-dark-web-are-executing-ongoing-attacks-on-un-agencies/ United Nations Data Breach: Hackers Obtained Employee Login From Dark Web, Are Executing Ongoing Attacks on UN Agencies], CPO Magazine, (16 September 2021)</ref> while no data was exfiltrated.<ref>Pierluigi Paganini, [https://securityaffairs.co/wordpress/122064/data-breach/united-nations-data-breach.html The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg], Security Affairs (10 September 2021)</ref> For its part, the company affirmed that on the latest breach the attackers compromised at least 53 UN accounts<ref>William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer 
Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021)</ref> and that there was proof of data breach of UN computer system,<ref>William Turton and Kartikay Mehrotra, [https://www.bloomberg.com/news/articles/2021-09-09/united-nations-computers-breached-by-hackers-earlier-this-year UN Computer Networks Breached by Hackers Earlier This Year], Bloomberg (9 September 2021)</ref> including the theft of documents with sensitive information.<ref>Pierluigi Paganini, [https://securityaffairs.co/wordpress/122064/data-breach/united-nations-data-breach.html The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg], Security Affairs (10 September 2021)</ref> |
|||
|- |
|- |
||
! scope="row"|Aftermath |
! scope="row"|Aftermath |
||
|The UN confirmed that the organization is frequently targeted by cyberattacks and that further attacks linked with the initial breach were detected.<ref |
|The UN confirmed that the organization is frequently targeted by cyberattacks and that further attacks linked with the initial breach were detected.<ref name=":4" /> |
||
According to analysts, both the reconnaissance and the information stolen may be used to support future attacks against the UN or its agencies.<ref |
According to analysts, both the reconnaissance and the information stolen may be used to support future attacks against the UN or its agencies.<ref name=":0" /><ref name=":2" /> |
||
The ''Umoja'' system announced in July 2021 that it “migrated to Microsoft Corp.’s Azure, which provides multifactor authentication”<ref |
The ''Umoja'' system announced in July 2021 that it “migrated to Microsoft Corp.’s Azure, which provides multifactor authentication”<ref name=":0" /> providing enhanced security against breaches. |
||
|- |
|- |
||
! scope="row"|Analysed in |
! scope="row"|Analysed in |
Latest revision as of 11:45, 6 May 2022
Date | The first reported access to the United Nations’ system was on 5 April 2021.[1] The attackers were allegedly still active on the network up to 7 August 2021.[1] |
---|---|
Suspected actor | The identity of the hackers has not yet been determined.[1] It is unclear whether it could have been a criminal group or if the actors were state-related.[2] |
Target | United Nations’ computer network infrastructure.[1] |
Target systems | According to several sources, including the cybersecurity firm that alerted the UN of the breach,[1] the hackers targeted the Umoja system, i.e. the United Nations’ “proprietary project management software”,[3][1][2] and from there gained more extensive access to the UN’s network.[4][1] |
Method | The suspected method of access to the management software was through UN employees’ accounts, using stolen credentials (username and password) acquired on the dark web.[1] According to Bloomberg News, the same credentials were still being sold by different users as of 5 July 2021.[1] The Umoja system accounts were allegedly not protected by a two-factor authentication feature, a standard security practice,[3] until July 2021.[2] |
Purpose | The purpose behind the incident has not been clarified. There was reportedly no damage or sabotage to the computer networks.[5] The attack allegedly aimed at performing “network intrusion”[3] and “compromising large numbers of users within the UN network for further long-term intelligence gathering”,[1] as well as monitoring and collecting specific data.[3] |
Result | The cybersecurity company Resecurity informed the UN of the breach early in 2021. The UN stated on 9 September 2021 that the attack had been detected before said notification and that corrective actions had been and were being implemented.[6] There was no reported damage to the system.[4][1] According to Resecurity, the UN stated that the incident “was limited to reconnaissance, and that the hackers had only taken screenshots while inside the network”,[1][4] while no data was exfiltrated.[2] For its part, the company affirmed that in the latest breach the attackers compromised at least 53 UN accounts[1] and that there was proof of a data breach of the UN computer system,[1] including the theft of documents with sensitive information.[2] |
Aftermath | The UN confirmed that the organization is frequently targeted by cyberattacks and that further attacks linked with the initial breach were detected.[6] According to analysts, both the reconnaissance and the information stolen may be used to support future attacks against the UN or its agencies.[1][3] The Umoja system announced in July 2021 that it “migrated to Microsoft Corp.’s Azure, which provides multifactor authentication”[1] providing enhanced security against breaches. |
Analysed in | Although no scenario addresses this exact set of circumstances, relevant scenarios include: Scenario 02: Cyber espionage against government departments |
Collected by: Dominique Steinbrecher
1. William Turton and Kartikay Mehrotra, UN Computer Networks Breached by Hackers Earlier This Year, Bloomberg (9 September 2021)
2. Pierluigi Paganini, The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg, Security Affairs (10 September 2021)
3. Hamza Shaban, Hackers breached U.N. computer networks earlier this year, The Washington Post (9 September 2021)
4. Scott Ikeda, United Nations Data Breach: Hackers Obtained Employee Login From Dark Web, Are Executing Ongoing Attacks on UN Agencies, CPO Magazine (16 September 2021)
5. Sarah Coble, Hackers Steal Data from United Nations, InfoSecurity (9 September 2021)
6. Stéphane Dujarric, Note to Correspondents: In response to questions about a reported cyberattack, UN Spokesman for the Secretary-General (9 September 2021)