
Image credit: LewisTsePuiLung via Getty Images

UN confirms it suffered a 'serious' hack, but didn't inform employees

Approximately 4,000 employees may have had their data compromised.

The United Nations was the victim of a massive, likely state-sponsored hacker attack this past summer, according to reports from The New Humanitarian and Associated Press. To make matters worse, the organization didn't disclose the details and severity of the hack until those publications obtained an internal document on the situation.

Sometime this past July, a group of hackers took advantage of a flaw in Microsoft's SharePoint software and an unknown type of malware to gain access to dozens of servers at the UN's Geneva and Vienna offices, as well as the Office of the United Nations High Commissioner for Human Rights (OHCHR). The three offices employ approximately 4,000 staff between them.

"The attack resulted in a compromise of core infrastructure components," a spokesperson for the UN told The New Humanitarian. "As the exact nature and scope of the incident could not be determined, [the UN] decided not to publicly disclose the breach."

After reading over the report, Jake Williams, a former hacker for the US government, told the Associated Press, "the intrusion definitely looks like espionage." The hackers reportedly attempted to cover their tracks by deleting the logs that would have documented their entry into the UN's servers. "It's as if someone were walking in the sand, and swept up their tracks with a broom afterward," an anonymous UN official told the publication. "There's not even a trace of a clean-up."

The hackers reportedly downloaded approximately 400GB of data. The servers they breached contained sensitive employee information, but it's not clear exactly what they were able to download. The UN doesn't know the full extent of all the damage yet. Sometime after the attack happened, it told employees to change their passwords but didn't share full details on the situation.

This isn't the first time the UN has failed to disclose a cyberattack. In 2016, Emissary Panda, a group with ties to the Chinese government, accessed servers from the International Civil Aviation Organization. The UN only shared information about the breach after the Canadian Broadcasting Corporation reported on it. According to The New Humanitarian, the UN's unique diplomatic status means it doesn't have to disclose data breaches like other government agencies in the US and EU, something that puts it at odds with cybersecurity best practices.

News of the attack also comes at a time when state-sponsored cyberattacks have seemingly become more brazen. Last week, The Guardian reported that the phone of Amazon CEO Jeff Bezos was hacked by a WhatsApp account associated with Saudi crown prince Mohammed bin Salman. A day after the report came out, the UN called for an investigation into the hacking.
