At the beginning of 2021, a hacking group managed to compromise the computer systems of the United Nations (UN) in order to steal a large amount of information that would allow them to attack other international agencies. Apparently, the hackers used an unsophisticated method, which included using usernames and passwords available for sale on the dark web.
Apparently, these compromised login credentials belonged to accounts of Umoja, project management software patented by the UN. From that point, threat actors were able to gain access to other systems of the Organization; the attacks reportedly began on April 7, with the attackers maintaining persistence until August 7.
Gene Yoo, director of security firm Resecurity, mentions: “Organizations like the UN are a target of interest for cyber espionage groups. These criminals carried out the intrusion in order to collect confidential information.”
The Umoja account used by the hackers was not protected with multi-factor authentication, so it was easy for cybercriminals to go unnoticed. According to an announcement on Umoja’s website, the system migrated to Microsoft Azure, which provides multi-factor authentication, although this measure was taken after the incident.
This is not the first time the UN has been targeted by a similar attack. In 2018, British and Dutch security agencies foiled a cyberattack against the Organization for the Prohibition of Chemical Weapons allegedly deployed by Russian threat actors. Months later, the Organization’s critical infrastructure was affected through a SharePoint deployment, although the incident does not appear to have had any regrettable consequences.
In this latest incident, hackers tried to gather more information about how UN computer networks are built and to compromise 53 UN accounts. At the moment, the identity of the hacking group responsible for the attack is unknown. The credentials used by this group have been offered by several Russian-speaking cybercriminals, and could be part of a larger security incident.