United Nations was HACKED from April until August: Russian-speaking cybercriminals peddled employee’s stolen username and password on dark web for $1,000 to access vital info about government and humanitarian work across the globe
- Hackers gained access to the UN’s system in April and were still in last month
- The login credentials were being sold on the dark web by Russian-speaking cybercriminals for as little as $1K
- The UN allegedly stopped talking to the firm that alerted them to the breach
- Dozens of UN servers were hacked in 2019, including some from the human rights office
- Hackers are smarting up to the value of stolen data from large organizations
Hackers have been gathering data from the United Nations’ internal system since April, using an employee’s stolen login credentials that have been sold on the dark web for as little as $1,000.
The same combination of username and password was being sold by multiple Russian-speaking cybercriminals as late as July, but the identity of the hackers and their explicit purpose is still unknown.
The credentials offer access to the organization’s project management software Umoja. The entry point provides valuable insight into government and humanitarian work across the globe.
The UN, which is in constant contact with high-powered nations and companies, has been targeted by state-directed hackers before, but everyday cybercriminals are now going after large companies and organizations with the goal of selling access to highly coveted information.
Hackers gathered data from the United Nations through the organization’s project management software Umoja. Above, UN headquarters in New York City
A login was offered for as little as $1,000 by multiple Russian-speaking cybercriminals on the dark web, according to one cybersecurity expert. The purpose of the hack is unknown
Hackers gained access to the UN system on April 5 and were still active in the network a month ago, according to Bloomberg.
‘Organizations like the UN are a high-value target for cyber espionage activity,’ said Gene Yoo, the CEO of Resecurity, a cybersecurity firm that discovered the breach.
‘The actor conducted the intrusion with the goal of compromising large numbers of users within the UN network for further long-term intelligence gathering.’
Resecurity told the UN about a breach earlier this year. The UN responded that the hackers had only taken screenshots, but when the firm alerted them to stolen data, the organization stopped talking to them.
In 2018, Dutch and British law enforcement stopped Russian hackers from gaining access to the Organization for the Prohibition of Chemical Weapons, which frequently cooperates with the United Nations.
The organization was investigating the March 2018 poisoning of Sergei and Yulia Skripal, a Russian double-agent for British intelligence and his daughter, who was in England at the time. The attack left them both critically ill.
Colonial Pipeline paid more than $4 million in ransom to a hacker group that stopped their services in May until they got paid. More than half of the ransom was eventually recovered
Close to 50 million former, prospective and current T-Mobile customers had their IDs and social security numbers exposed in a huge breach revealed in August
In April, four Russians were caught with spying equipment at a hotel next to the OPCW, according to Reuters.
In October, the US Department of Justice indicted seven Russian intelligence (GRU) officers, four of whom allegedly took part in the planned hack. In 2020, the DOJ charged six hackers from the GRU for that and other breaches, including an attempt to disrupt the 2017 elections in France.
In 2019, dozens of UN servers were breached by unknown actors, including some at the UN human rights office, which collects sensitive data and has often been a lightning rod of criticism from autocratic governments for exposing rights abuses, according to the Associated Press.
‘Traditionally, organizations like the United Nations have been targeted by nation state actors, but as cybercriminals are finding ways to more effectively monetize stolen data and as access to these organizations is more frequently available for sale by initial access brokers, we expect to see them increasingly targeted and infiltrated by cybercriminals,’ Allan Liska, a senior threat analyst at Recorded Future, told Bloomberg about the latest breach.
The UN credentials were being sold in combination with dozens of usernames and passwords to various organizations for just $1,000, said Mark Arena, chief executive officer of security-intelligence firm Intel 471, in an interview with Bloomberg.
The credentials were marketed by multiple Russian-speaking cybercriminals, he said.
‘Since the start of 2021 we’ve seen multiple financially motivated cybercriminals selling access to the Umoja system run by the United Nations,’ Arena said.
‘These actors were selling a broad range of compromised credentials from a multitude of organizations at the same time. In a number of previous occasions, we’ve seen compromised credentials being sold to other cybercriminals, who have undertaken follow up intrusion activity within these organizations.’
Cybercriminals have targeted large operations before, sometimes holding their networks hostage for money.
In June, the Justice Department announced it had seized more than half of the $4.4 million ransom payment to DarkSide hackers.
The group interrupted access to Colonial Pipeline’s systems on May 7 until it was paid, triggering fuel shortages and panic buying at the pump.
Last month, T-Mobile announced that close to 50 million current, former and prospective US customers had their names, social security numbers, and IDs stolen by a ‘bad actor’ who snaked into the company’s system and allegedly posted the data for sale on an ‘underground forum.’
Motherboard reported that a hacker was selling a subset of the data with 30 million customers’ Social Security numbers and drivers’ licenses for six Bitcoin, or $270,000.
Source: Read Full Article