UN didn't patch SharePoint, covered up massive hack of multiple key systems – and kept most staff in the dark

2020-01-29 22:39

The United Nations' European headquarters in Geneva and Vienna were hacked last summer, putting thousands of staff records at miscreants' fingertips.

Despite the size and extent of the hack, the UN decided to keep it secret.

Making matters worse, IT specialists had warned the UN for years that it was at risk from hacking.

The audit also found that less than half of the 38,105 staff had done a compulsory course in basic IT security that had been designed to help reduce overall security risks.

The hackers broke into a vulnerable SharePoint deployment in Vienna and then, with admin access, moved within the organization's networks to access the Geneva headquarters and then the OHCHR. One person who was shown the report - cybersecurity researcher Kevin Beaumont - said that the intrusion "Has the hallmarks of a sophisticated threat actor."

News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/29/un_covered_up_hack/

#UN #sharepoint #hack #patch