UNDP, City of Copenhagen Targeted in Data-Extortion Cyberattack
A ransomware gang claimed responsibility for the attack, though it is unknown if a ransom was demanded or paid.
The United Nations Development Programme (UNDP) became the victim of a cyberattack in late March, which also impacted the IT infrastructure of the city of Copenhagen, Denmark.
The UNDP received word of a data-extortion actor stealing its data, some of it related to human resources and procurement.
As the agency continues to assess the scope of the attack, the UNDP noted in a statement that "actions were immediately taken to identify a potential source and contain the affected server."
The UNDP determined which data was exposed and who is at risk because of the breach. It's also been in contact with those who have been impacted, as well as with stakeholders, such as UN system partners.
Though the UNDP has not confirmed who the threat actor was, 8Base, a ransomware gang, updated its website in early April, listing UNDP as one of its victims, along with three other entities. The group commented that information such as personal data, certificates, "a huge amount of confidential information," and invoices, among other things, were uploaded to the servers.
UNDP made no subsequent comment and didn't address whether a ransom has been demanded or paid.
About the Author(s)
You May Also Like
Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024Extending Access Management: Securing Access for all Identities, Devices, and Applications
June 4, 2024Assessing Software Supply Chain Risk
June 6, 2024Preventing Attackers From Wandering Through Your Enterprise Infrastructure
June 19, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024