The United Nations was seriously compromised, but it did not report staff |
New reports from the magazine "Humanitarian and Associated Press" say that the United Nations was attacked by a major government-sponsored piracy last summer. Worse, the United Nations did not reveal the details and seriousness of the violation until the agencies received internal documents on the situation. Sex.
Last July, a group of hackers used Microsoft SharePoint vulnerabilities and unknown types of malware to reach dozens of servers in the UN offices in Geneva and Vienna and in the Office of the United Nations High Commissioner for Human Rights.
The three offices employ about 4,000 people, a spokesman for the new United Nations humanitarian agency said the attack had damaged a large portion of the infrastructure, and the United Nations decided not to increase the size of the incident, which could not be determined. Reveal it. violation.
Former government pirates Jake Williams, managing director of Rendition Infosec, a cyber security company, told the Associated Press that the hacker appears to be spying as the hacker tries to remove the entry in the records of the UN server. Logs to cover their tracks and no logs for the cleaning process.
It was reported that these hackers were able to recover approximately 400 GB of data, and that the server that had infiltrated it contained confidential, personal and confidential information, and it was not known exactly what they could retrieve. The full extent of all damages.
Internal documents issued by the United Nations Office of Information and Technology indicate that 42 servers were at risk, while another 25 servers were categorized as suspicious. After some time after the attack, the agency asked staff to change passwords, but did not disclose all the details of the situation.
It is worth noting that this is not the first time that a United Nations organization has failed to discover a cyberattack because the Panda Envoy team, which was linked to the Chinese government in 2016, has access to ICAO server and the UN has since had information on them. Share violations. Canadian Broadcasting Corporation Report.
According to the new humanitarian agency, the United Nations has a unique diplomatic status, which means it does not have to disclose data breaches like other government agencies in the United States and makes the European Union incompatible with best practices of cybersecurity.