Powered by MOMENTUM MEDIA

Breaking news and updates daily. Subscribe to our Newsletter!

Breaking news and updates daily. Subscribe to our newsletter

Hackers breach UN data network with stolen credentials

By Reporter
13 September 2021 | 1 minute read

Malicious actors breached the UN’s computer network earlier this year using stolen credentials likely bought off of the dark web, media outlets have reported.

According to findings from Bloomberg late last week, malicious actors were able to penetrate the UN's computer network with little more difficultly than purchasing stolen credentials of a UN employee off of the dark web.

Following the expose by Bloomberg, the UN confirmed the existence of the breach.

Advertisement
Advertisement

UN spokesman for the Secretary-General Stéphane Dujarric outlined that the UN had already begun undertaking corrective actions, and that the UN had identified subsequent attacks due to the initial data breach.

“We can confirm that unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021. This attack had been detected before we were notified by the company cited in the Bloomberg article, and corrective actions to mitigate the impact of the breach had already been planned and were being implemented,” Dujarric said in a statement.

“At that time, we thanked the company for sharing information related to the incident and confirmed the breach to them.

PROMOTED CONTENT

“The United Nations is frequently targeted by cyber attacks, including sustained campaigns. We can also confirm that further attacks have been detected and are being responded to, that are linked to the earlier breach.”

According to Bloomberg’s original exposé, the credentials which were presumably bought on the dark web enabled access to Umoja, the UN’s management software, from where they could penetrate yet further.

 [Related: NCSC, CISA connect to combat ransomware]

Hackers breach UN data network with stolen credentials
cyber-security-connect-csc.jpg
lawyersweekly logo
newsletter
cyber security subscribe
Be the first to hear the latest developments in the cyber security industry.
Regular Podcast Updates