The attackers’ purpose was not to destroy the systems or demand a ransom, but rather to gather information that they could later use or sell to other criminal actors. According to the UN Secretary-spokesman, General’s the organisation is “often targeted by cyberattacks.”
The United Nations’ servers were targeted by a cyber-attack this yearearlier, according to a storey published by Bloombergover the Saturday and Sunday. The attackers’ purpose, as per the report, was not to destroy the systems or demand a ransom, but rather to acquire information that they could subsequently use or sell to other criminal actors.StéphaneDujarric, spokesman for the UN secretary-general, confirmed the report and said that the The attack happened in April.
“This assault was discovered before we were alerted by the company mentioned in the Bloomberg report, and corrective efforts to reduce the consequences of the breach were already planned and were being implemented,” Dujarric said in a statement posted on the UN website. He also stated that “Cyberattacks on the United Nations, especially long-term campaigns, are common. We can also confirm that further attacks tied to the previous breach have been found and are being addressed.”
According to Bloomberg, the breach appears to have been simple, with the hackers most likely gaining access by purchasing a stolen login and password from a UN employee on the dark web. The credentials belonged to an account on the United Nations’ administration programme, Umoja, and from there, the attackers gained deeper access to the network. According to the study, the hackers gained access to the system on April 5, and they were still active on the network as of August 7.
According to Mark Arena, CEO of security firm Intel 471, “Since the beginning of 2021, we’ve witnessednumerous financially encouraged cybercriminals selling right of entry to the Umoja system track by the United Nations,” noting that the passwords used in the attack were put up for sale over the dark web by the Russian speakers as portion of a collection of tons of usernames and passwords to the numerous organisations.
As previously stated, the UN and its agencies have been the subject of cyberattacks.Forbes magazine revealed in 2019 that the United Nations’ core infrastructure had been penetrated in a cyberattack that used a weakness in Microsoft’s SharePoint platform, information that was only validated months later. It was stated at the beginning of this year that a weakness in the system, which allowed access to more than 100,000 UN Environment Programme (UNEP) staff records, had been detected and corrected before any damage was done.