Malicious actors breached the UN’s computer network earlier this year using stolen credentials likely bought off of the dark web, media outlets have reported.
According to findings from Bloomberg late last week, malicious actors were able to penetrate the UN's computer network with little more difficultly than purchasing stolen credentials of a UN employee off of the dark web.
Following the expose by Bloomberg, the UN confirmed the existence of the breach.
UN spokesman for the Secretary-General Stéphane Dujarric outlined that the UN had already begun undertaking corrective actions, and that the UN had identified subsequent attacks due to the initial data breach.
“We can confirm that unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021. This attack had been detected before we were notified by the company cited in the Bloomberg article, and corrective actions to mitigate the impact of the breach had already been planned and were being implemented,” Dujarric said in a statement.
“At that time, we thanked the company for sharing information related to the incident and confirmed the breach to them.
“The United Nations is frequently targeted by cyber attacks, including sustained campaigns. We can also confirm that further attacks have been detected and are being responded to, that are linked to the earlier breach.”
According to Bloomberg’s original exposé, the credentials which were presumably bought on the dark web enabled access to Umoja, the UN’s management software, from where they could penetrate yet further.
[Related: NCSC, CISA connect to combat ransomware]