Cybercriminals have been harvesting data from the internal system of the United Nations (UN) since April, exploiting an employee’s stolen credentials that were obtained from a dark web platform.
According to latest reports, the login credentials, including a username and password, was published on the dark web for sale by Russian-speaking threat actors whose identities are yet to be known.
It turns out that the combination of personal information that was obtained by the hackers is valuable enough to offer inside access to the global body’s project management software. Analysts have raised alarm over the fact that this entry point offers cybercriminal access to critical insights about government and humanitarian efforts across the world.
While speaking to DailyMail.com, Gene Yoo (the CEO of cybersecurity firm Resecurity) said that the UN data breach was first brought to light by his firm following a dark web monitoring exercise in July.
The chief executive went on to confirm the widely-understood notion that organizations such as the UN have become prime targets for cybercriminals looking to make big bucks. Yoo intimated that the threat actors pulled off the hack with the aim of compromising users within the UN network as part of a long-term cyber espionage strategy.
The UN Has Acknowledged the Cyberattack
The UN has since confirmed the cyberattack, but asserted that the cybercriminals only made away with screenshots.
The global organization’s spokesperson Farhan Haq refuted claims that they first learnt of the hack from Resecurity and said that they had already detected a number of breaches. According to Farhan, early detection of the cyberattack has since been followed by mitigation measures by the UN in ensuring that the impact of the breach is contained.
The spokesperson went further to paint a picture of preparedness on the UN’s part and stated that the organization’s global standing has made it a common target for sustained cybercriminal campaigns.
Not the First Time
A senior threat analyst at Recorded Future told TIME.com that attacks on organizations like the UN are bound to increase and become highly targeted. Allan Liska, the analyst, connected the UN hack to nation state actors that have been finding more innovative approaches to monetize stolen data.
Looking back, Dutch and British authorities thwarted a planned 2018 cyberattack by Russian actors who targeted one of the UN’s most important partners, the Organization for the Prohibition of Chemical Weapons.
The organization came under the radar of cybercriminals in light of their investigations on the near-fatal March 2018 poisoning of a Russian double agent for British intelligence and his daughter in the UK.
Additionally, in 2019, data protection advocates placed the UN on the spot over allegations of attempting to hide reports of a hacking incident that was aimed at the organization’s IT systems in Europe – the decision may have placed staff, other major establishments, and people at serious risk.
Then, dozens of UN servers had been affected and a number of administrator accounts had been compromised in what was described as the largest hack to have ever been directed at the global organization.
