UN hacked in 2019, tried to keep it secret

[German]The United Nations was hacked in 2019. This was possible because systems were not patched. And then the responsible authorities at UN wanted to keep it all secret.


Damn, kiss my ass! Two weeks ago I read this message from Bleeping Computer, telling that the United Nations are targeted by the Emotet malware via phishing attacks. Well, we all get phishing emails with such malware sooner or later. 

Just now, through two sources, the above tweet and this article, I came across the information that the United Nations was hacked in July 2019. It all came to light by accident, because journalists from The New Humanitarian came across a confidential report describing the hack while doing research.  

Chronology of the hack

From July 2019, hackers broke into dozens of UN servers. On August 30, 2019, IT people working in the UN offices in Geneva issued a warning to their technical teams about a hacker incident:

"We assume that the entire domain is compromised. The attacker has shown no signs of activity so far, we assume that he has established his position and is now at rest."

Among the dozens of compromised UN servers were systems in the human rights offices and the human resources department. Administrator accounts were also taken over, according to a confidential UN report available to New Humanitarian. The hack is one of the largest ever known in the UN.


The hack compromised personal data, the health insurance data of employees and the data of trade contracts. Employees were asked to change their passwords, but nobody informed them about the hack. Due to diplomatic immunity, the UN is not obliged to make the hack public or to notify those affected.

The nasty details

According to the linked article, the report states that the attack could have been avoided with a simple patch to fix a software bug. And the UN officials had been warned of major vulnerabilities for years. Made me curious after all.

Security researcher Kevin Beaumont was asked by the medium to analyse the confidential UN report. He posted the above tweet revealing details. The SharePoint vulnerability CVE-2019-0604 had not been patched – I reported this in May 2019 in the article SharePoint Vulnerability CVE-2019-0604 exploited in the wild.

Probably led to the fact that the UN had to completely rebuild after the attack of several systems. More details and the consequences of this hack, which was very sophisticated and is attributed to groups close to the state, will be reported in this article.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *