A leaked confidential report from the United Nations revealed that dozens of servers belonging to United Nations were “compromised” at offices in Geneva and Vienna.

An internal confidential report from the United N ations that was leaked to The N ew Humanitarian revealed that dozens of servers of the organization were “compromised” at offices in Geneva and Vienna.

One of the offices that were hit by a sophisticated cyber attack is the U.N. human rights office , the hackers were able to compromise active directory and access a staff list and details like e-mail addresses. According to the report, attackers did not access passwords.

“One U.N. official told the AP that the hack, which was first detected over the summer, appeared “sophisticated” and that the extent of the damage remains unclear, especially in terms of p ersonal, secret or compromising information that may have been stolen.” reported the Associated Press, which has seen the report.

The level of sophistication of the attack and the specific nature of the target suggests the involvement of a nation-state actor.

“We were hacked,” declared U.N. human rights office spokesman Rupert Colville. “We face daily attempts to get into our computer systems. This time, they managed, but it did not get very far. Nothing confidential was compromised.”

The report states that at least 42 servers were “compromised,” three of them belonged to the Office of the High Commissioner for Human Rights. Experts suspect that another 25 servers located at the United Nations offices in Geneva and Vienna were also compromised.

“Technicians at the United Nations office in Geneva, the world body’s European hub, on at least two occasions worked through weekends in recent months to isolate the local U.N. data center from the Internet, re-write p asswords and ensure the systems were clean.” continues AP News.

The U.N. confidential report speculates that attackers could have exploited a vulnerability in Microsoft Sharepoint.

Pierluigi Paganini

( SecurityAffairs – United Nations, hacking)

Share this...

Linkedin Reddit Pinterest

Share On