Hackers broke into the United Nations’ computer networks early this year and obtained a plethora of information that may be used to target UN institutions.
The hackers’ method of gaining access to the UN network appears to be simple: they probably logged in with a UN employee’s stolen username and password, purchased on the Dark Web.
The credentials were associated with an account in Umoja, the UN’s proprietary project management software. According to cybersecurity firm Resecurity, which discovered the breach, hackers were able to get further access to the UN network from there.
The hackers are first known to have obtained access to UN systems on April 5, and they remained active on the network until August 7.
“Organizations like the United Nations are a great target for cyber espionage,” said Gene Yoo, CEO of Resecurity. “The intrusion was carried out with the intention of involving a large number of users within the UN network for long-term intelligence gathering.”
The hack is the latest high-profile assault in a year when hackers have become more daring.
This year, JBS, the world’s largest beef producer, was hit by a cyberattack that shut down its US operations. Colonial Pipeline, which operates the country’s largest pipeline, was also hit by a ransomware attack.
Unlike in those earlier attacks, whoever broke into the UN’s computer networks did not cause any damage to the organization’s systems, but instead gathered information. Resecurity notified the UN of its most recent breach early this year and collaborated with the UN’s security team to determine the scope of the attack.
The attack was confined to reconnaissance, according to UN officials, and the hackers merely captured screenshots while on the network.
According to Resecurity’s Yoo, the UN stopped communicating with the company once he produced evidence of stolen data.
Two-factor authentication, a basic security measure, was not enabled on the Umoja account accessed by the hackers. According to a July announcement on the Umoja website, the system has moved to Microsoft’s Azure, which allows multi-factor authentication. According to an ad on Umoja’s website, this step “reduces the danger of cybersecurity attacks.”
Requests for comment were not returned by the UN.
Hackers have previously targeted the United Nations and its agencies. In 2018, Dutch and British security authorities foiled a Russian cyber-attack on the Organization for the Prohibition of Chemical Weapons (OPCW), which was probing the deployment of a lethal nerve toxin on British territory.
According to a Forbes article, the UN’s “essential infrastructure” was infiltrated in a cyberattack in August 2019 that targeted a known weakness in Microsoft’s SharePoint platform. The breach was not made public until the New Humanitarian news organisation broke the story.
Hackers attempted to gather additional knowledge on how UN computer networks are structured, as well as to compromise 53 UN accounts, according to Resecurity. Bloomberg News was unable to identify the hackers or determine their motivation for breaking into the UN.
As of July 5, Bloomberg News had examined Dark Web advertisements in which users on at least three markets were selling the identical credentials. The hackers may be able to use what they learned to break in again in the future, or sell the knowledge to other groups who may try to breach the United Nations.
“Traditionally, nation-state actors have targeted institutions like the United Nations, but hackers are discovering new ways to monetize stolen data, and access to these organisations is increasingly frequently accessible for sale via brokers. With initial access, we expect to see them more attacked and ‘infiltrated’ by hackers,” said Allan Liska, Senior Threat Analyst at Recorded Future.
Liska said he discovered UN employee IDs and passwords for sale on the Dark Web.
According to Mark Arena, CEO of security intelligence firm Intel 471, many Russian-speaking fraudsters supplied the credentials. The UN credentials were part of a batch of dozens of usernames and passwords for other institutions that was being sold for just $1,000 (S$1,340).
“We’ve noticed a lot of financially motivated hackers selling access to the UN’s Umoja system since early 2021,” Arena added.
“At the same time, these players were selling a wide range of committed credentials from a variety of companies. We’ve seen compromised credentials sold to other fraudsters in the past, who carried out tracking intrusion activities at these companies.”