"Hackers Steal Data from United Nations"

Researchers at cybersecurity firm Resecurity have discovered that hackers have broken into the computer network of the United Nations and made off with data.  The unidentified cybercriminals behind the theft appear to have gained access simply by using login credentials stolen from a UN employee.  The researchers stated that entry was gained by logging in to the employee’s Umoja account. Umoja, which means “unity” in Kiswahili, is the enterprise resource planning system implemented by the UN in 2015.  The researchers theorize that the username and password used in the cyberattack were purchased from a website on the dark web.  Researchers found that the hackers first accessed the UN’s systems on April 5, 2021, and that network intrusions continued to take place until August 7.   No evidence was found to suggest that the attackers had damaged or sabotaged the UN’s computer network. The hackers seem to have been motivated instead by a desire to collect information.  Resecurity stated that after reporting the security incident to the UN, it worked with the organization’s security team to determine the scale of the intrusion. While the UN reportedly believes the attack was a reconnaissance mission by hackers who took nothing but screenshots of the organization’s compromised network, Resecurity researchers say that data was stolen in the incident. The United Nations is frequently targeted by cyberattacks, including sustained campaigns. 

Infosecurity reports: "Hackers Steal Data from United Nations"