In a clear cyber attack launched in July 2019, hackers broke into the IT systems of the United Nations offices in Geneva and Vienna. The United Nations did not immediately disclose the attack immediately after the incident, or even disclose to employees the nature and scope of the incident. It was only recently that senior officials in the UN’s IT department confirmed that they had been hit by a sophisticated cyber attack, with an estimated 400GB of data being compromised.
United Nations Office in Vienna Photo from Wiki Media
It officials at the United Nations office in Geneva appeared to be aware of the hack a month later and alerted their technical team in August 2019, The New Humanitarian reported.
In an interview, he said: “We continue to work on the assumption that the entire domain has been compromised.” So far, the attackers have shown no signs of activity, and I think we’ve locked them down and are currently dormant. ”
In a confidential United Nations report disclosed by the media, it also referred to the destruction of “dozens of United Nations servers”, including the systems of its human rights office and personnel department, some administrator accounts, and the heading “Still count ours”.
U.N. spokesman St?phane Dujarric classified the incident as “severe” and noted that the violation had not been publicly disclosed because it could not be determined because it was not certain.
In such cases, a “cover-up culture” is usually followed, and the incident was not disclosed to affected employees, who were asked to change their passwords after the leak, and the only informed parties including the in-house IT team and the United Nations head office at Geneva and the United Nations Office at Vienna.
The attack reportedly used some unknown malware and took advantage of a vulnerability in Microsoft SharePoint (CVE-2019-0604), which has been released for months but has not yet been deployed.
The leaked data is said to include personnel records and information on thousands of commercial contracts, as hackers gained access to administrators on the network and eventually infiltrated 40 servers of the organization’s offices in Vienna and Geneva, including its High Commissioner’s Office.