SharePoint vulnerability led to the hacking of 42 servers with 400 GB of United Nations data

A few months ago, an information security firm reported the hacking of the United Nations (UN) headquarters, an incident that jeopardized the integrity of thousands of personal records of its employees. Despite the seriousness of the incident, the organization decided to cover it up at the time.

Only now has the UN decided to publicly disclose the incident, which was previously revealed by The New Humanitarian, until a couple of years ago an official UN publication.

According to the information security report, dozens of servers were affected by an attack carried out between June and September 2019. Threat actors reportedly exploited multiple security bugs, despite subsequent attempts to repel the attack. The likely cause of the incident is the exploitation of a known vulnerability in SharePoint.

A security alert sent internally to UN system administrators mentions: “We work under the assumption that the entire domain has been compromised. So far, attackers have shown no signs of activity, although we assume they have already gained persistence in our systems.”

The UN IT personnel began to refer to this incident as “the great meltdown” after it was confirmed that the attackers accessed staff records, collective contracts, and other confidential details. In total, hackers compromised 40 servers, most of them based in Geneva, which equates to about 400 GB of exposed data.

Although the incident compromised multiple personal details, the organization’s IT team only recommended that affected users reset their passwords, without informing them that their information was available to hackers.

Information security specialists at the International Institute of Cyber Security (IICS) mention that, in similar cases, attacked companies must at least provide their employees or customers with an identity fraud protection service and credit monitoring to reduce the risk to affected users. This is serious, as to date hundreds of the organization's employees are not even aware that their information is in the hands of cybercriminals.

In addition, the information security incident involves not only UN administrative staff but also multiple senior officials, including members of the office of the High Commissioner for Human Rights. This is a serious situation, as many files handled by this committee have to do with political activists fighting for human rights in authoritarian settings, so it is vital to ensure that this information is not exposed on the network.