UN hacked via unpatched SharePoint server

Abstract

The UN suffered a major data breach last year after it failed to patch a Microsoft SharePoint server, it emerged this week. Then it failed to tell anyone, even though it produced a damning internal report.

The news emerged after an anonymous IT employee leaked the information to The New Humanitarian, which is a UN-founded publication that became independent in 2015 to report on the global aid community. According to the outlet, internal UN staffers announced the compromise on 30 August 2019, explaining that the “entire domain” was probably compromised by an attacker who was lurking on the UN’s networks.

A confidential report sent to the publication without permission by a UN IT official revealed that the cyberattack had started in mid-July last year. The hackers had compromised dozens of servers including those in its highly sensitive human rights operation, along with its human resources department.

Read more in

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.