Sophisticated hackers infiltrated U.N. offices in Geneva and Vienna last year in an apparent espionage operation, and their identity and the extent of the data they obtained is unknown. From a report:
The cyber attack the UN tried to keep under wraps
“If there are no consequences for the [UN] agencies for failures like these … there will be more breaches.”
An internal confidential document from the United Nations, leaked to The New Humanitarian and seen by The Associated Press, says dozens of servers were compromised including at the U.N. human rights office, which collects sensitive data and has often been a lightning rod of criticism from autocratic governments for exposing rights abuses. Asked about the report, one U.N. official told the AP that the hack appeared “sophisticated” and that the extent of the damage remained unclear, especially in terms of personal, secret or compromising information that may have been stolen. The official, who spoke only on condition of anonymity to speak freely about the episode, said systems have since been reinforced. The skill level was so high it is possible a state-backed actor might have been behind it, the official said.
“It’s as if someone were walking in the sand, and swept up their tracks with a broom afterward,” the official said. “There’s not even a trace of a clean-up.” The leaked Sept. 20 report says logs that would have betrayed the hackers’ activities inside the U.N. networks – what was accessed and what may have been siphoned out – were “cleared.” It also shows that among accounts known to have been accessed were those of domain administrators – who by default have master access to all user accounts in their purview. “Sadly … still counting our casualties,” the report says.