Security News > 2021 > September > Stolen Credentials Led to Data Theft at United Nations

Stolen Credentials Led to Data Theft at United Nations
2021-09-10 10:46

A threat actor used stolen credentials from a United Nations employee to breach parts of the UN's network in April and steal critical data, a spokesman for the intergovernmental organization has confirmed.

"We can confirm that unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021," Dujarric said, according to the report.

The attack ultimately was found to be the result of a Microsoft SharePoint flaw, allowing attackers to steal 400 GB of sensitive data.

The stolen credentials at the center of the latest attack belonged to an account on the UN's proprietary project management software, called Umoja, according to the report.

The user of the account apparently had not enabled two-factor authentication to secure entry, allowing attackers to use credentials to access the software and move deeper into the network from there, security firm Resecurity told the UN, according to the report.

While it's not clear if attackers obtained UN-specific credentials or if the user was re-using credentials from another account, eliminating the use of passwords from as many systems as possible could be one way to solve the problem, he said.


News URL

https://threatpost.com/data-theft-united-nations/169357/