NEW YORK, SEPTEMBER 16 – Cyber-attacks to institutions and public administrations hit UN sensitive data this year. The information has been confirmed by Secretary-General’s spokesman Stéphane Dujarric, who declared that “unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021”.
The spokesman added that April’s cyber-attack was not an isolated event, with the UN server frequently hit by hackers, usually detected and responded to by the cyber-security department. Already two years, the UN confirmed during a press conference that offices in Geneva and Vienna had been targeted by a cyber-attack in August 2019, only after the news being reported by a newspaper. April’s intrusion has been detected by the UN IT department as well, but the hacker’s presence inside the network has been confirmed at the beginning of August by Resecurity, meaning that the attack is still running.
Hackers allegedly acquired the access credentials of an account on the UN’s project management platform ‘Umoja’, purchasing them on the dark web. This mode of intrusion is the most common when it comes to cyber-attacks, and although the identity of the intruders and the amount of data available to them are not clear, the model involves the demand for a ransom to be paid in crypto-currency to end the operation. In fact, while earlier attempts to breach UN agencies’ data were primarily carried out by state actors seeking confidential information, today the attacks mainly come from transnational groups of cyber-criminals whose purpose is the mere monetisation of the stolen data.
The attack to the UN is only the last of the cyber-attacks suffered by private companies, institutions or public administrations in 2021. In the US, the most important ones hit JBS (a food supplier) and the ‘U.S. East Coast’s fuel network’ (gasoline supplier), while in Italy the case of ‘Regione Lazio’ has gained considerable attention. In regard to this, President Biden called out prominent businesses in the tech industry, highlighting that “most of our critical infrastructure is owned and operated by the private sector, and the federal government can’t meet this challenge alone. You (Big techs, ed) have the power, capacity and responsibility, I believe, to raise the bar on cybersecurity”. This also applies to the United Nations, which has always been active in the fight against cyber terrorism through the agency UNOCT (UN Office of Counter-Terrorism). (@giorgiodelgallo)