The United Nations has confirmed its infrastructure was breached earlier this year. Additional attacks linked to the earlier breach have also been detected and are now under investigation.
Stéphane Dujarric, spokesman for the Secretary-General, released a statement following a Bloomberg report sharing details of the breach. "We can confirm that unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021," he wrote, noting the attack had been detected before officials were notified by a security firm, named as Resecurity in the Bloomberg report, and that remediation was already being planned and implemented.
Attackers likely broke into UN infrastructure using the stolen username and password of a UN employee bought on the Dark Web, the report states. These credentials granted access to an account for Umoja, the UN's proprietary project management software. The account attackers accessed was not protected with multifactor authentication, the report notes.
From this entry point, the attackers could further infiltrate the UN network, says Resecurity, which found the breach and claims the earliest known date attackers accessed UN systems was April 5. They were still active as of Aug. 7.
"The United Nations is frequently targeted by cyberattacks, including sustained campaigns," Dujarric wrote. "We can also confirm that further attacks have been detected and are being responded to, that are linked to the earlier breach."
Read the full report for more details.