A confidential internal document leaked to The New Humanitarian (TNH) suggests that hackers gained unauthorised access to the United Nations’ (UN) networks in Geneva and Vienna in 2019.
Top officials at the UN kept largely quiet about the incident, which put staff, other organisations and individuals at risk, according to data protection advocates. Staff were told to reset their passwords, but not told why.
UN tech teams were informed of the incident in an August 2019 alert that stated: “We are working under the assumption that the entire domain is compromised. The attacker doesn’t show signs of activity so far, we assume they established their position and are dormant.”
Dozens of servers were compromised during the hack. Among those affected was the human rights office and its human resources department, according to the leak.
Roughly 400GB of data is believed to have been siphoned off by the hackers, including the Active Directory of users, according to TNH.
This attack is believed to be the largest ever on the UN and the incident was described by a senior UN official as a “major meltdown”.
An internal report on the incident, supposedly seen by the Associated Press (AP), indicates the hackers exploited a Microsoft SharePoint flaw to access the UN network and spread unknown malware.
The UN confirmed to TNH that it had kept the breach, which has been classified as a serious incident, quiet.
“The attack resulted in a compromise of core infrastructure components,” said UN spokesperson Stéphane Dujarric.
“As the exact nature and scope of the incident could not be determined, [the UN offices in Geneva and Vienna] decided not to publicly disclose the breach.”
According to an anonymous UN official, the organisation’s systems have been reinforced since the incident. The official, who agreed to speak openly about the hack on the condition of anonymity, said the attack was very sophisticated and could be the work of a state-backed actor, given the level of skill.
The type of malware deployed by the hackers is unknown, as is the location of the servers used to steal the data. It is also unclear how the attackers maintained a presence on the network once inside.
“It’s as if someone were walking in the sand, and swept up their tracks with a broom afterward,” the official added. “There’s not even a trace of a clean-up.”