UNDP, City of Copenhagen Targeted in Data-Extortion Cyberattack
A ransomware gang claimed responsibility for the attack, though it is unknown if a ransom was demanded or paid.
The United Nations Development Programme (UNDP) became the victim of a cyberattack in late March, which also impacted the IT infrastructure of the city of Copenhagen, Denmark.
The UNDP received word of a data-extortion actor stealing its data, some of it related to human resources and procurement.
As the agency continues to assess the scope of the attack, the UNDP noted in a statement that "actions were immediately taken to identify a potential source and contain the affected server."
The UNDP determined which data was exposed and who is at risk because of the breach. It's also been in contact with those who have been impacted, as well as with stakeholders, such as UN system partners.
Though the UNDP has not confirmed who the threat actor was, 8Base, a ransomware gang, updated its website in early April, listing UNDP as one of its victims, along with three other entities. The group commented that information such as personal data, certificates, "a huge amount of confidential information," and invoices, among other things, were uploaded to the servers.
UNDP made no subsequent comment and didn't address whether a ransom has been demanded or paid.
About the Author(s)
You May Also Like
Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024