Three United Nations offices hacked
Three UN agencies pwned, 22 administrative-level accounts compromised and malware implanted on 40 servers
The United Nations was hacked via a Microsoft SharePoint vulnerability last year, with 20 administrative accounts compromised and malware implanted on 40 servers.
Furthermore, the UN chose to cover-up the attack, which has been described as "sophisticated", rather than publicly disclosing it.
In addition to entering the organisation via an unpatched SharePoint server install, the attackers were easily able to achieve lateral movement across multiple active directory domains in the UN's core infrastructure, according to security specialist Kevin Beaumont.
The attack has come to light following the leak of an internal report to Nairobi, Kenya-based news agency, The New Humanitarian, formerly IRIN News.
UN offices in Vienna and Geneva were compromised, as well as the UN Officer of the High Commissioner for Human Rights, also in Geneva. The organisation, according to the report, only informed the internal IT teams and the heads of the offices affected. Staff inside the United Nations don't appear to have been briefed on the nature and extent of the attack, according to Beaumont.
According to the leaked report, the attack started in mid-July, but was only discovered on 30th August. The UN office in Geneva appears to be the epicentre of the attacks. Its 1,600 staff work on a range of sensitive topics, including the ongoing Syria peace effort, the UN humanitarian coordination office and the Economic Commission for Europe.
Internal documents, databases, emails, commercial information, and personal data may have been available to the intruders
"Although it is unclear what documents and data the hackers obtained in the 2019 incident, the report seen by TNH implies that internal documents, databases, emails, commercial information, and personal data may have been available to the intruders - sensitive data that could have far-reaching repercussions for staff, individuals, and organisations communicating with and doing business with the UN," The New Humanitarian reports.
UN spokesperson Stéphane Dujarric admitted to the publication that the United Nations' core IT infrastructure in Geneva and Vienna were compromised. "As the exact nature and scope of the incident could not be determined, [the UN offices in Geneva and Vienna] decided not to publicly disclose the breach."
The UN enjoys diplomatic immunity, meaning that it isn't subject to EU regulations, such as GDPR, and isn't obliged to reveal the information obtained or to notify anyone who might be affected.
Not surprisingly, perhaps, the UN has repeatedly been the target of various cyber attacks, including one on the UN pension fund system in October 2019, and an attack linked with North Korea in March 2019.