The United Nations was the target of a sophisticated hack in the summer of 2019, according to a confidential internal report obtained by The New Humanitarian.
The report claims that the hack affected dozens of UN servers and compromised staff records, health insurance, and commercial contract data. But most workers affected by the hack are only hearing about it now.
The hackers targeted servers at the United Nations’ Geneva and Vienna offices, as well as at the Geneva-based Office of the High Commissioner for Human Rights.
After viewing the report, Jake Williams, CEO of the cybersecurity firm Rendition Infosec, told the Associated Press he believes the hack was an act of espionage.
“The attackers have a goal in mind and are deploying malware to machines that they believe serve some purpose for them,” Williams explained.
According to the report, which is dated September 20, 2019, the UN hack began in mid-July 2019 and was detected the next month. However, many of the staff affected only heard about it following the report’s leak.
“Staff at large, including me, were not informed,” Ian Richards, president of the Staff Council at the United Nations, told the AP. “All we received was an email (on Sept. 26) informing us about infrastructure maintenance work.”