Hackers broke into the United Nation’s computer networks, making out with a cache of data that could be used to initiate later cyberattacks on other governmental organizations.
The hack, which was first reported by Bloomberg and later confirmed by the U.N., occurred sometime earlier this year. It is believed that a hacker entered the system by using a stolen username and password that Bloomberg reported were likely purchased off the dark web.
The account was tied to the organization’s project management software, Umoja. Once they gained access, cybersecurity firm Resecurity, which discovered the breach, reported that the hackers were able to move deeper into the U.N.’s system.
“Organizations like the U.N. are a high-value target for cyber espionage activity,” Resecurity CEO Gene Yoo said. “The actor conducted the intrusion with the goal of compromising large numbers of users within the U.N. network for further long-term intelligence gathering.”
It’s just one of the many high-profile cybersecurity incidents that have taken place since the onset of the pandemic. The Colonial Pipeline Company was compromised during a ransomware attack in May, and JBS, the world’s largest meat producer, was targeted later that same month. Both companies were forced to temporarily pause operations as a result of the attacks.
Resecurity informed the U.N. of the attack and helped them identify the scope of the damage. Originally, the U.N. told the company the attack was limited to screenshots taken while hackers were in the network. When Resecurity proved that data was stolen, Bloomberg reported that the U.N. ceased communications with the company.
“We can confirm that unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021,” a U.N. spokesperson told Newsweek in a statement. “This attack had been detected before we were notified by the company cited in the Bloomberg article, and corrective actions to mitigate the impact of the breach had already been planned and were being implemented. At that time, we thanked the company for sharing information related to the incident and confirmed the breach to them.
“The United Nations is frequently targeted by cyberattacks, including sustained campaigns,” the statement continued. “We can also confirm that further attacks have been detected and are being responded to, that are linked to the earlier breach.”
This is not the first time the U.N. has fallen victim to an attack. In 2019, Forbes reported that hackers targeted the organization’s “core infrastructure” in an attack that focused on a known vulnerability in Microsoft’s SharePoint, an online collaborative platform used by the organization.
Newsweek previously reported that the cybersecurity industry is facing an employment shortage as companies struggle to stay a step ahead of multi-billion dollar hacking organizations. In the U.S. alone, roughly 359,000 jobs remain unfilled, according to a 2020 survey by a cybersecurity training nonprofit called (ISC)2. As the U.S. looks to improve its infrastructure, cyber will stand as a priority.
“Cybersecurity threats and incidents affect businesses of all sizes, small towns and cities in every corner of the country, and the pocketbooks of middle-class families,” the White House wrote in an August 25 statement. “To secure our critical infrastructure, this spring the Biden Administration launched a 100-day initiative to improve cybersecurity across the electric sector with others to follow.”