[German]The United Nations was hacked in 2019. This was possible because systems were not patched. And then the responsible authorities at UN wanted to keep it all secret.
Advertising
Damn, kiss my ass! Two weeks ago I read this message from Bleeping Computer, telling that the United Nations are targeted by the Emotet malware via phishing attacks. Well, we all get phishing emails with such malware sooner or later.
The UN got hacked and they tried to keep it quiethttps://t.co/j4zMF7nm0j pic.twitter.com/L8s1g5ecWJ
— Catalin Cimpanu (@campuscodi) January 29, 2020
Just now, through two sources, the above tweet and this article, I came across the information that the United Nations was hacked in July 2019. It all came to light by accident, because journalists from The New Humanitarian came across a confidential report describing the hack while doing research.
Chronology of the hack
From July 2019, hackers broke into dozens of UN servers. On August 30, 2019, IT people working in the UN offices in Geneva issued a warning to their technical teams about a hacker incident:
"We assume that the entire domain is compromised. The attacker has shown no signs of activity so far, we assume that he has established his position and is now at rest."
Among the dozens of compromised UN servers were systems in the human rights offices and the human resources department. Administrator accounts were also taken over, according to a confidential UN report available to New Humanitarian. The hack is one of the largest ever known in the UN.
Advertising
The hack compromised personal data, the health insurance data of employees and the data of trade contracts. Employees were asked to change their passwords, but nobody informed them about the hack. Due to diplomatic immunity, the UN is not obliged to make the hack public or to notify those affected.
The nasty details
According to the linked article, the report states that the attack could have been avoided with a simple patch to fix a software bug. And the UN officials had been warned of major vulnerabilities for years. Made me curious after all.
SharePoint vulnerability CVE-2019-0604 from a year ago has been used to hack the UN. Three different UN agencies got owned, about 20 domain admin accounts accessed and implants on 40 servers. They didn't disclose. https://t.co/teGFqahVhK
— Kevin Beaumont (@GossiTheDog) January 29, 2020
Security researcher Kevin Beaumont was asked by the medium to analyse the confidential UN report. He posted the above tweet revealing details. The SharePoint vulnerability CVE-2019-0604 had not been patched – I reported this in May 2019 in the article SharePoint Vulnerability CVE-2019-0604 exploited in the wild.
Probably led to the fact that the UN had to completely rebuild after the attack of several systems. More details and the consequences of this hack, which was very sophisticated and is attributed to groups close to the state, will be reported in this article.
