At the time of last July, a group of hackers took advantage of a vulnerability in Microsoft SharePoint and an unknown type of malware to access dozens of servers at the United Nations offices in Geneva and Vienna, as well as the Office of the United Nations High Commissioner for Human Rights OHCHR.
The three offices employ about 4,000 employees, and a UN spokesperson told New Humanitarian: The attack resulted in a breach of essential infrastructure components, and given the exact nature and scope of the incident, it was not possible to determine, the United Nations decided not to publicly disclose the breach.
Jake Williams, CEO of cyber security company Rendition Infosec and a former government hacker, told The Associated Press that the hack certainly looked like spying, as hackers were said to have tried to cover their tracks by deleting records that would have documented their entry to United Nations servers, and there is no No trace of the cleaning process.
The hackers were reportedly able to obtain about 400 GB of data, and the servers they hacked contain sensitive, personal and confidential information, and it is not clear exactly what they were able to obtain, and the United Nations does not know the full extent of all the damage yet.
The internal document of the United Nations Office of Information and Technology stated that 42 servers were at risk, while 25 other servers were considered suspicious, and sometime after the attack, the agency asked staff to change their passwords, but did not share the full details of the situation.
It is noteworthy that this is not the first time that the UN agency failed to detect a cyber attack, as in 2016 the Emissary Panda group, which has relations with the Chinese government, had access to ICAO servers, and the United Nations shared information about the breach after Report by Canadian Broadcasting Corporation.
According to The New Humanitarian Agency, the unique diplomatic status of the United Nations means that it does not have to disclose data breaches like other government agencies in the United States and the European Union, which leaves them at odds with cybersecurity best practices.
United nations
0 Comments