UN data breach (2021)
Date | The first reported access to the United Nations’ system was on 5 April 2021.[1] The attackers were allegedly still active on the network up to 7 August 2021.[2] |
---|---|
Suspected actor | The identity of the hackers has not yet been determined.[3] It is unclear whether a criminal group was responsible or whether the actors were state-related.[4] |
Target | United Nations’ computer network infrastructure.[5] |
Target systems | According to several sources, including the cybersecurity firm that alerted the UN of the breach,[6] the hackers targeted the Umoja system, i.e. the United Nations’ “proprietary project management software”,[7] and from there gained more extensive access to the UN’s network.[8] |
Method | The suspected method of access to the management software was through UN employees’ accounts, using stolen credentials (username and password) acquired on the dark web.[9] According to Bloomberg News, the same credentials were still being sold by different users as of 5 July 2021.[10] The Umoja system accounts were allegedly not protected by two-factor authentication, a standard security practice,[11] until July 2021.[12] |
Purpose | The purpose behind the incident has not been clarified. There was reportedly no damage or sabotage to the computer networks.[13] The attack allegedly aimed at performing “network intrusion”[14] and “compromising large numbers of users within the UN network for further long-term intelligence gathering”,[15] as well as the monitoring and collection of specific data.[16] |
Result | The cybersecurity company Resecurity informed the UN of the breach early in 2021. The UN stated on 9 September 2021 that the attack had been detected before said notification and that corrective actions had been and were being implemented.[17]
There was no reported damage to the system.[18] According to Resecurity, the UN stated that the incident “was limited to reconnaissance, and that the hackers had only taken screenshots while inside the network”,[19] while no data was exfiltrated.[20] For its part, the company affirmed that in the latest breach the attackers compromised at least 53 UN accounts[21] and that there was proof of a data breach of the UN computer system,[22] including the theft of documents with sensitive information.[23] |
Aftermath | The UN confirmed that the organization is frequently targeted by cyberattacks and that further attacks linked with the initial breach were detected.[24]
According to analysts, both the reconnaissance and the information stolen may be used to support future attacks against the UN or its agencies.[25] The Umoja system announced in July 2021 that it “migrated to Microsoft Corp.’s Azure, which provides multifactor authentication”,[26] providing enhanced security against breaches. |
Analysed in | Although no scenario addresses this exact set of circumstances, relevant scenarios include:
Scenario 02: Cyber espionage against government departments |
Collected by: Dominique Steinbrecher
1. William Turton and Kartikay Mehrotra, UN Computer Networks Breached by Hackers Earlier This Year, Bloomberg (9 September 2021)
2. William Turton and Kartikay Mehrotra, UN Computer Networks Breached by Hackers Earlier This Year, Bloomberg (9 September 2021)
3. William Turton and Kartikay Mehrotra, UN Computer Networks Breached by Hackers Earlier This Year, Bloomberg (9 September 2021)
4. Pierluigi Paganini, The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg, Security Affairs (10 September 2021)
5. William Turton and Kartikay Mehrotra, UN Computer Networks Breached by Hackers Earlier This Year, Bloomberg (9 September 2021)
6. William Turton and Kartikay Mehrotra, UN Computer Networks Breached by Hackers Earlier This Year, Bloomberg (9 September 2021)
7. Hamza Shaban, Hackers breached U.N. computer networks earlier this year, The Washington Post (9 September 2021); William Turton and Kartikay Mehrotra, UN Computer Networks Breached by Hackers Earlier This Year, Bloomberg (9 September 2021); Pierluigi Paganini, The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg, Security Affairs (10 September 2021); among others.
8. William Turton and Kartikay Mehrotra, UN Computer Networks Breached by Hackers Earlier This Year, Bloomberg (9 September 2021). See also: Scott Ikeda, United Nations Data Breach: Hackers Obtained Employee Login From Dark Web, Are Executing Ongoing Attacks on UN Agencies, CPO Magazine (16 September 2021)
9. William Turton and Kartikay Mehrotra, UN Computer Networks Breached by Hackers Earlier This Year, Bloomberg (9 September 2021)
10. William Turton and Kartikay Mehrotra, UN Computer Networks Breached by Hackers Earlier This Year, Bloomberg (9 September 2021)
11. Hamza Shaban, Hackers breached U.N. computer networks earlier this year, The Washington Post (9 September 2021)
12. Pierluigi Paganini, The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg, Security Affairs (10 September 2021)
13. Sarah Coble, Hackers Steal Data from United Nations, InfoSecurity (9 September 2021)
14. Hamza Shaban, Hackers breached U.N. computer networks earlier this year, The Washington Post (9 September 2021)
15. William Turton and Kartikay Mehrotra, UN Computer Networks Breached by Hackers Earlier This Year, Bloomberg (9 September 2021)
16. Hamza Shaban, Hackers breached U.N. computer networks earlier this year, The Washington Post (9 September 2021)
17. Stéphane Dujarric, Note to Correspondents: In response to questions about a reported cyberattack, UN Spokesman for the Secretary-General (9 September 2021)
18. William Turton and Kartikay Mehrotra, UN Computer Networks Breached by Hackers Earlier This Year, Bloomberg (9 September 2021); Scott Ikeda, United Nations Data Breach: Hackers Obtained Employee Login From Dark Web, Are Executing Ongoing Attacks on UN Agencies, CPO Magazine (16 September 2021)
19. William Turton and Kartikay Mehrotra, UN Computer Networks Breached by Hackers Earlier This Year, Bloomberg (9 September 2021); Scott Ikeda, United Nations Data Breach: Hackers Obtained Employee Login From Dark Web, Are Executing Ongoing Attacks on UN Agencies, CPO Magazine (16 September 2021)
20. Pierluigi Paganini, The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg, Security Affairs (10 September 2021)
21. William Turton and Kartikay Mehrotra, UN Computer Networks Breached by Hackers Earlier This Year, Bloomberg (9 September 2021)
22. William Turton and Kartikay Mehrotra, UN Computer Networks Breached by Hackers Earlier This Year, Bloomberg (9 September 2021)
23. Pierluigi Paganini, The United Nations this week confirmed that its computer networks were hit by a cyberattack earlier this year, as first reported by Bloomberg, Security Affairs (10 September 2021)
24. Stéphane Dujarric, Note to Correspondents: In response to questions about a reported cyberattack, UN Spokesman for the Secretary-General (9 September 2021)
25. William Turton and Kartikay Mehrotra, UN Computer Networks Breached by Hackers Earlier This Year, Bloomberg (9 September 2021); Hamza Shaban, Hackers breached U.N. computer networks earlier this year, The Washington Post (9 September 2021)
26. William Turton and Kartikay Mehrotra, UN Computer Networks Breached by Hackers Earlier This Year, Bloomberg (9 September 2021)