The U.N. confirmed the incident, but there are conflicting reports on whether data was exfiltrated as a result.
If reports this week are to be believed, the United Nations is still dealing with fallout around what sounds like a potentially massive breach last summer.
Computer systems belonging to the U.N. – the international peace organisation founded in 1945, after World War II – were broken into in July 2019. The activity wasn’t detected until August, according to an Associated Press report this week.
The culprit, according to a report cited by the AP in The New Humanitarian, a news agency that reports on humanitarian issues, may have been a flaw in Microsoft’s SharePoint software, a widely used platform for sharing folders, files, and libraries with other users.
The attack involved dozens of compromised servers, according to a report apparently leaked to The New Humanitarian. While the U.N. has gone on record telling news outlets that no sensitive information was compromised in the attack, The New Humanitarian, citing a conversation with an unnamed senior U.N. IT official, claims upwards of 400 gigabytes of data was downloaded.
“The ‘user lists’ were key to the network and ‘once you’ve got privileged access, you’ve got into everything,’” the news agency said.
Despite the severity of the incident, it sounds, at least judging by The New Humanitarian’s reporting, like the U.N. attempted to cover up the hack.
“The attack resulted in a compromise of core infrastructure components,” U.N. spokesperson Stéphane Dujarric told The New Humanitarian. “As the exact nature and scope of the incident could not be determined, [the U.N. offices in Geneva and Vienna] decided not to publicly disclose the breach.”
The fact that the U.N.’s Office of the High Commissioner for Human Rights, an office that oversees data on dangerous conflicts, human rights violations, and socio-economic problems, was reportedly one of the offices hacked is especially concerning. If that information fell into the wrong hands, it could have grave ramifications.
According to the AP, even internal employees at the U.N. were left in the dark.
“Staff at large, including me, were not informed,” Ian Richards, president of the Staff Council at the United Nations, told the AP. “All we received was an email (on Sept. 26) informing us about infrastructure maintenance work.”
Technically, the breach left 42 servers in a state the U.N. referred to as “compromised”; another 25 were what it calls “suspicious.” Most of the servers resided in the U.N.’s offices in Geneva and Vienna.
Further details are unclear, such as what type of malware may have been used, how the attackers managed to stay hidden within the networks for as long as they did, and, if they did exfiltrate data, what command and control servers they used.
The AP report, citing intel from Comae Technologies’ Matt Suiche, suggests attackers gained entry to the U.N. via an anti-corruption tracker at the U.N.’s Office of Drugs and Crime.
Citing the leaked report, the AP said Wednesday that technicians at the office in Geneva have had to work through weekends on two occasions over the last couple of months to “isolate the local U.N. data center from the internet, re-write passwords and ensure the systems were clean.” The task required twenty machines to be rebuilt.