Security News > 2020 > January > UN hacked: Attackers got in via SharePoint vulnerability
The UN did not share that discovery with the authorities, the public, or even the potentially affected staff, and we now know about it only because TNH reporters got their hands on a confidential report by the UN. How was the UN hacked?
According to the report, the attack started in July 2019, when the attackers managed to compromise a server located at the UN Office in Vienna through CVE-2019-0604, a security hole in Microsoft SharePoint patched by Microsoft in February 2019 and subsequently widely exploited by attackers to hit a variety of targets worldwide.
The attackers then moved through UN's networks and ultimately reached systems at the UN Office in Geneva and the UN Office of the High Commissioner for Human Rights, also in Geneva.
The breach might not have happened if the SharePoint security vulnerability had been patched, but it's possible and likely that the attackers would have found another way in.
UN officials are targeted by attackers daily and some attacks are bound to be successful - especially when past security audits of UN systems, websites, applications, policies, etc.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/mc0fLoKFf3g/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-05 | CVE-2019-0604 | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. | 9.8 |