Leaked report reveals United Nations was hacked in 2019

The latest report suggests that a group of sophisticated hackers have managed to hack an internal confidential document from the United Nations. The report suggests that researchers have found the United Nations was hacked last year.

The UN suffered a cyberattack exposing huge volumes of data last year. The database that was compromised when hackers broke into over 40 UN servers last year. UN did not disclose the data breach back then. The report remained hidden until the attack occurred in mid-July 2019. The initial report was revealed by The New Humanitarian (TNH) and seen by the Associated Press (AP).

According to the report, attackers comprised the United Nations servers located in Europe. The affected servers include the UN office in Geneva, Vienna, and the High Commissioner for Human Rights (OHCHR) headquarters in Geneva. The major attack has affected as many as 33 servers.

In July 2019, the threat actors compromised a server at the UN Office in Vienna by leveraging a vulnerability in Microsoft SharePoint. The vulnerability codenamed as CVE-2019-0604 allowed attackers to view the active directories of individuals associated with the UN and along with other sensitive information. While Microsoft later patched the vulnerability, the United Nations IT staff took another month to patch the hole.

What worsened the matter was the UN’s efforts to conceal the matter. The UN spokesperson Stéphane Dujarric said, “The attack resulted in a compromise of core infrastructure components. As the exact nature and scope of the incident could not be determined, [the UN offices in Geneva and Vienna] decided not to publicly disclose the breach.”

The scope of the attack is far greater than what the UN had earlier anticipated. UN officials have been smart enough to remove all the traces of the attack. The attackers were quick enough to clear all logs from administrator-level accounts that already possess master access to all accounts. Even now, the UN continues to downplay the incident.