The United Nations’ computer systems were penetrated by unidentified hackers in April, and the global body has had to fend off related hacks in the months afterwards, according to a UN official.
Multiple private cybersecurity specialists warned that cybercriminal forums had been selling access to login passwords for software used by the UN to handle internal projects in recent months. Intruders attempting to extort the UN or steal data could benefit from the software.
After an earlier revelation from Bloomberg News, UN spokesperson Stéphane Dujarric said in a statement, “We can confirm that unknown attackers were able to access elements of the United Nations system in April of 2021.”
“We can also confirm that further attacks tied to the earlier breach have been found and are being addressed,” he added.
After discovering the login credentials for sale on the dark web early this year, the California-based cybersecurity firm Resecurity informed UN officials, according to CNN. Before Security contacted the UN, Dujarric stated the UN had taken efforts to reduce the consequences of the hack, but he declined to elaborate.
According to CNN, Alex Holden, the founder of Hold Security, an IT security business, one significant cybercriminal group claimed access to UN software in early April.
Unidentified hackers targeted the UN’s Geneva and Vienna offices with a “apparently well-resourced” cyberattack the previous year, the UN said in January 2020.
Other data breaches show what’s at stake for international organizations attempting to protect their sensitive communications.
In 2018, cybersecurity experts revealed a multi-year alleged Chinese hacking operation aimed at infiltrating European Union diplomatic cables. The EU announced in April that it was looking into a second IT security breach that compromised various networks.