The United Nations (UN), the intergovernmental organization, stated on Wednesday, January 29, that its offices in Geneva and Vienna were targeted in the middle of 2019 by a security breach that exposed lists of user accounts.
It should be mentioned that Geneva is home to the Human Rights Council, the High Commissioner for Human Rights, the High Commissioner for Refugees, the World Health Organization and the World Trade Organization, while Vienna is home to the International Atomic Energy Agency as well as the Office on Drugs and Crime.
The UN cyber attack
As reported by Reuters, UN spokesman Stephane Dujarric said that the attribution of any cyberattack is very uncertain as well as fuzzy, but in this case, the security breach was apparently a "well-resourced attack." He told the media that "The attack resulted in a compromise of core infrastructure components at both (Geneva) and (Vienna), and was determined to be serious."
In addition, the spokesperson said that the damage related to the cyberattack has been contained and additional mitigation measures have been implemented. Dujarric also mentioned that even though the recent menace is over, the threat of future cyberattacks on the UN continues. "The United Nations Secretariat detects and responds to multiple attacks of various level of sophistication often," he said.
Access gained by hackers
The UN Human Rights Office said in a statement that the hackers gained access to the network but they did not hold any sensitive data or confidential information. The statement also read: "The hackers did manage to access our Active User Directory, which contains the user IDs for our staff and devices. However, they did not succeed in accessing passwords. Nor did they gain access to other parts of the system."
The UN had not previously disclosed anything about this intrusion into its IT systems. As reported by The New Humanitarian, this sophisticated cyberattack had started more than a month earlier but was only just being fully uncovered. Several systems and servers were compromised and some administrator accounts breached.
Last year, on August 30, IT officials at the UN's Geneva offices issued an alert to their tech teams about a security breach incident, stating that "We are working under the assumption that the entire domain is compromised. The attacker doesn't show signs of activity so far, we assume they established their position and are dormant."
The UN staff were asked to change their passwords, but were not told of the large breach or that some of their personal data may have been compromised.
Shay Nahari, Head of Red Team Services at CyberArk, told IBTimes Singapore:
The compromise of core infrastructures at the UN is troubling – especially considering the specific offices targeted and the information they hold. One of the most critical steps for the UN to take now should be focused on strategic post-breach actions focused on remediation – such as ensuring credentials are properly managed, rotated and audited to stop additional incidents or any attempt at lateral movement. Once attackers gain control over an entire infrastructure, they can persist and hide to have a longer-term presence. How they got in, or why, is irrelevant now.