Posted on September 10, 2021 at 6:54 PM

United Nations Admits to Hack as Attackers List UN Software for Sale

A recent report has stated that unidentified hackers gained entry to the computer systems of the United Nations in April. The UN has also added that since the April intrusion, other similar attacks have also been discovered in recent months that have compromised the digital security of the multinational organization.

The recent admission by the UN comes after several reports state that UN’s software had been listed for sale on several cybercriminal platforms. The software in question is used by the organization to handle internal projects. If threat actors exploit the software, it could provide valuable information to those who want to demand ransomware from the organization or siphon data.

Hackers Breached UN Software Infrastructure

In a statement, UN’s spokesperson, Stephane Dujarric, stated that “We can confirm that unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021.”

“We can also confirm that further attacks have been detected and are being responded to that are linked to the earlier breach,” he added.

According to Resecurity, a cybersecurity firm based in California, the UN has been informed about an attack at the beginning of the year after the security firm detected login credentials affiliated to the UN being sold on the dark web. The cybersecurity firm also stated that the multinational body had taken the necessary steps to reduce the attack’s impact. However, it failed to mention any further details on the matter.

Other security firms have also confirmed the attack. Speaking to CNN, Alex Holden, the founder of Hold Security, stated that his firm has also gained access to information about a cybercriminal group purporting to have data belonging to the UN.

In January 2020, the UN admitted to yet another attack on its systems. According to the report at the time, the body stated that the threat actors were targeting the UN’s offices in Vienna and Geneva. The UN also stated that the threat actors behind these attacks possessed ample resources.

Hacking Attacks on International Bodies Increase

Cybersecurity attacks have been on the rise in recent months, and the threat actors have gone beyond to attack hospitals, energy companies and firms that offer humanitarian services. This shows that international bodies have invested more in developing solid cybersecurity systems that will protect their data.

In 2018, cybersecurity groups published details of a Chinese espionage operation to obtain information from the European Union diplomatic division. In April 2021, the EU also stated that it was investigating another separate attack that affected several networks.

In its statement, the EU revealed that the hack happened in March, but there was limited evidence to show that the hackers had gained access to any sensitive data. The European Commission Spokesman also added that there was no proof that a major information breach had happened.

“The European Commission and other EU institutions, bodies or agencies have experienced an IT security incident in their IT infrastructure. Forensic analysis is in its initial phase; at this stage, it is too early to provide any conclusive information,” the Commission spokesman said at the time.

He also added that since the attack, the EU had set up round-the-clock surveillance, and it was taking the relevant measures to ensure that similar attacks do not happen in future.

In July, the United States and its allies issued a statement accusing China of participating in a worldwide espionage campaign. The countries that joined the US in issuing this statement was Australia, Britain, Canada, Japan, New Zealand, NATO and the European Union.

Speaking at the time, the US Secretary of State, Anthony Blinken, stated that espionage posed a threat to the economic and national security of countries.

At the time of issuing this statement, the US Department of Justice charged four Chinese nationals for being involved in hacking attacks that targeted schools, companies and government agencies in the United States and other countries.

However, China has spoken out against these allegations. After the statement by the US and its allies, China’s foreign ministry spokesperson, Zhao Lijian, stated that the accusations were maliciously fabricated for political reasons.

In a news conference held in Beijing in July, Lijian stated that China would not accept the allegations as they did not come with any form of evidence. The Chinese embassy in Washington also refuted these claims stating that they were “irresponsible.”

The pandemic has also fuelled cybersecurity attacks, given that many organizations are urging people to work from home. With such a decentralized system, it becomes difficult for institutions to implement the right cybersecurity systems that will guarantee the security of everyone involved.