The United Nations was impacted by a cyber-attack on its computer networks in Vienna and Geneva and they did not disclose it to the public. The attack enabled the hackers to access employee records, data on commercial contracts, and also health insurance records.
The cyber-attack began in mid-July last year and the hackers managed to compromise dozens of U.N. servers, breached several administrative accounts, and accessed data stored in systems belonging to human rights offices and the human resources department.
The affected servers were from the Office of the High Commissioner for Human Rights and the U.N. Economic Commission for Europe. This breach is one of the largest ever known to have affected the world body.
The attackers gained access via CVE-2019-0604, a known remote code execution vulnerability in Microsoft SharePoint that was disclosed in February 2019 and was later patched.
The United Nations’ IT team at its Geneva offices issued an internal alert about a successful cyber-attack on 30th August. They said that they are working under the assumption that the entire domain is compromised. As the attacker doesn’t show any signs of activity, they assume that the attackers have established their position and are dormant.
Only the Chiefs at Vienna and Geneva and internal IT teams knew about the breach.
A U.N. spokesperson admitted about the breach when contacted by The New Humanitarian and stated that they decided not to disclose it to the public even though the attack compromised “core infrastructure components”. However, the exact nature and scope of the incident were not determined.
According to a U.N. official the skill level of the hackers indicates that the attack must be state-sponsored. It is likely that this attack was carried out by a well-financed organized criminal or state-affiliated group, due to the efforts taken to hide the intrusion.