The servers of the UN were hit by a cyberattack earlier this year, a report by Bloomberg revealed over the weekend. According to the report, the goal of the attackers was not to damage the systems or demand ransom, but rather to collect information that they could use later or sell to other malicious actors. Stéphane Dujarric, spokesman for the UN secretary-general, confirmed the report and said that the attack occurred in April.
"This attack had been detected before we were notified by the company cited in the Bloomberg article, and corrective actions to mitigate the impact of the breach had already been planned and were being implemented," Dujarric said in a statement posted on the UN website. He added: "The United Nations is frequently targeted by cyberattacks, including sustained campaigns. We can also confirm that further attacks have been detected and are being responded to, that are linked to the earlier breach."
According to Bloomberg, the breach appears to have been unsophisticated: the hackers likely got in using a UN employee's stolen username and password, purchased off the dark web. The credentials belonged to an account on Umoja, the UN's management software, and from there the attackers were able to gain deeper access to the network. According to the report, the earliest known date on which the hackers had access to the system was April 5, and they were still active on the network as of Aug. 7.
Mark Arena, CEO of security-intelligence firm Intel 471, told the news agency, "Since the start of 2021 we've seen multiple financially motivated cybercriminals selling access to the Umoja system run by the United Nations," noting that the passwords used in the attack were put up for sale on the dark web by Russian speakers as part of a group of dozens of usernames and passwords to various organizations for just $1,000.
As mentioned, the UN and its agencies have previously been targets of cyberattacks. In 2019, Forbes magazine reported that the UN's core infrastructure was compromised in a cyberattack that exploited a vulnerability in Microsoft's SharePoint platform, information that was only officially confirmed months later. At the beginning of this year, it was reported that a vulnerability in the system that enabled access to more than 100,000 employee records of the UN Environment Programme (UNEP) had been discovered and patched before any damage was caused.