{"id":12900,"date":"2020-01-30T01:23:17","date_gmt":"2020-01-30T00:23:17","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=12900"},"modified":"2023-02-14T15:37:22","modified_gmt":"2023-02-14T14:37:22","slug":"un-2019-heftig-gehackt-hielt-das-aber-unter-verschluss","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/01\/30\/un-2019-heftig-gehackt-hielt-das-aber-unter-verschluss\/","title":{"rendered":"UN hacked in 2019, tried to keep it secret"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/01\/30\/un-2019-heftig-gehackt-hielt-das-aber-unter-verschluss\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>] The United Nations was hacked in 2019. This was possible because systems were not patched. And then the responsible authorities at the UN wanted to keep it all secret. <\/p>\n<p><!--more--><\/p>\n<p>Damn, kiss my ass! Two weeks ago I read <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/united-nations-targeted-with-emotet-malware-phishing-attack\/\" target=\"_blank\" rel=\"noopener noreferrer\">this message<\/a> from Bleeping Computer, reporting that the United Nations is being targeted by the Emotet malware via phishing attacks. 
Well, we all get phishing emails with such malware sooner or later.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The UN got hacked and they tried to keep it quiet <a href=\"https:\/\/t.co\/j4zMF7nm0j\">https:\/\/t.co\/j4zMF7nm0j<\/a> <a href=\"https:\/\/t.co\/L8s1g5ecWJ\">pic.twitter.com\/L8s1g5ecWJ<\/a><\/p>\n<p>\u2014 Catalin Cimpanu (@campuscodi) <a href=\"https:\/\/twitter.com\/campuscodi\/status\/1222557013621780481?ref_src=twsrc%5Etfw\">January 29, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>Just now, through two sources, the above tweet and <a href=\"https:\/\/web.archive.org\/web\/20230130010858\/https:\/\/www.thenewhumanitarian.org\/investigation\/2020\/01\/29\/united-nations-cyber-attack\" target=\"_blank\" rel=\"noopener noreferrer\">this article<\/a>, I came across the information that the United Nations was hacked in July 2019. It all came to light by accident, because journalists from The New Humanitarian, while doing research, came across a confidential report describing the hack.<\/p>\n<h2>Chronology of the hack<\/h2>\n<p>Starting in July 2019, hackers broke into dozens of UN servers. On August 30, 2019, IT staff working in the UN offices in Geneva issued a warning to their technical teams about a hacking incident:<\/p>\n<blockquote>\n<p>\"We assume that the entire domain is compromised. The attacker has shown no signs of activity so far, we assume that he has established his position and is now at rest.\"<\/p>\n<\/blockquote>\n<p>Among the dozens of compromised UN servers were systems in the human rights offices and the human resources department. Administrator accounts were also taken over, according to a confidential UN report available to The New Humanitarian. 
The hack is one of the largest known to have hit the UN.<\/p>\n<p>The hack compromised personal data, the health insurance data of employees and data on trade contracts. Employees were asked to change their passwords, but nobody informed them about the hack. Due to diplomatic immunity, the UN is not obliged to make the hack public or to notify those affected.<\/p>\n<h2>The nasty details<\/h2>\n<p>According to the linked article, the report states that the attack could have been avoided with a simple patch to fix a software bug. And UN officials had been warned of major vulnerabilities for years. That made me curious.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">SharePoint vulnerability CVE-2019-0604 from a year ago has been used to hack the UN. Three different UN agencies got owned, about 20 domain admin accounts accessed and implants on 40 servers. They didn't disclose. <a href=\"https:\/\/t.co\/teGFqahVhK\">https:\/\/t.co\/teGFqahVhK<\/a><\/p>\n<p>\u2014 Kevin Beaumont (@GossiTheDog) <a href=\"https:\/\/twitter.com\/GossiTheDog\/status\/1222522757344301056?ref_src=twsrc%5Etfw\">January 29, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>Security researcher Kevin Beaumont was asked by the publication to analyse the confidential UN report. He posted the above tweet revealing details. The SharePoint vulnerability CVE-2019-0604 had not been patched &#8211; I reported on this vulnerability in May 2019 in the article <a href=\"https:\/\/borncity.com\/win\/2019\/05\/13\/sharepoint-vulnerability-cve-2019-0604-exploited-in-the-wild\/\">SharePoint Vulnerability CVE-2019-0604 exploited in the wild<\/a>. <\/p>\n<p>That is probably why the UN had to completely rebuild several systems after the attack. 
More details and the consequences of this hack, which was very sophisticated and is attributed to state-affiliated groups, can be found in <a href=\"https:\/\/web.archive.org\/web\/20230130010858\/https:\/\/www.thenewhumanitarian.org\/investigation\/2020\/01\/29\/united-nations-cyber-attack\" target=\"_blank\" rel=\"noopener noreferrer\">this article<\/a>. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]The United Nations was hacked in 2019. This was possible because systems were not patched. And then the responsible authorities at UN wanted to keep it all secret.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-12900","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/12900","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=12900"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/12900\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=12900"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=12900"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=12900"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}