Sunday, November 27, 2022

UN affirms cyberattack on its network

The United Nations (UN) confirmed on Thursday that earlier this year, its secure computer networks underwent a cyberattack targeting a bundle of critical data to target agencies within the intergovernmental organization, according to Bloomberg. 

Hackers managed to secure in their pockets data from the UN’s internal system since April by simply wielding an employee’s login credentials sold in the dark web for no more than $1,000.

The user identification credentials belonged to an employee on the UN’s proprietary project management software known as Umoja.

Umoja program is an administrative reform initiative covering a complete re-work regarding how the organization handles its administration in processes and Information Technology solutions.

According to cybersecurity company Resecurity who identified the breach, hackers gained deep access into the organization’s servers on April 5th and remained active till August 7th.

“We confirm that unknown attackers were able to breach parts of the United Nations (communications) infrastructure in April of 2021,” stated Stephane Dujarric, spokesman for UN Secretary-General Antonio Guterres.

The UN informed the cybersecurity firm that the attack was strictly confined to reconnaissance where only internal network screenshots were obtained during the breach. However, by the time Resecurity presented the UN with valid proof that the hackers managed to put their hands on relevant data, the organization halted all communication with the firm. 

“Organizations like the UN are a high-value target for cyber-espionage activity. The actor conducted the intrusion to compromise a large number of users within the UN network for further long-term intelligence gathering,” said Gene Yoo, CEO of Resecurity.

Due to the fact that the Umoja account chosen by hackers to gain access was not empowered by two-factor authentication – which is a relatively simple security feature – the employee’s account was exposed to any potential breach.

Amidst the recent attack, hackers aimed to access and gain data regarding the UN’s computer network’s structure and jeopardize around 53 UN accounts, according to Resecurity.

The credentials, provided by various Russian-speaking cybercriminals, were put on the dark web as a collection of usernames and passwords going back to a bundle of organizations for no more than $1,000.

Nevertheless, this might not be bombshell news since the UN is no stranger to cyberattacks on its network infrastructure.

In 2018, a Russian cyberattack on the UN was discovered by Dutch and British law enforcement. The breach mainly focused on the Organization of the Prohibition of Chemical Weapons (OPCW).

The OPCW aims to endorse the provisions of the Chemical Weapons Convention (CWC) and enforce a credible and transparent regime to identify the destruction of chemical weapons while averting their re-emergence in any member State by providing the appropriate guidance against chemical weapons.