Exploit: Credential Compromise
United Nations: Global Intergovernmental Organization
Risk to Business: 1.623 = Severe
Hackers have broken into the computer network of the United Nations and made off with data. The unidentified cybercriminals responsible for the hit appear to have gained access using employee login credentials stolen from a UN employee. Reports say that the bad actors logged into the employee’s Umoja account, the enterprise resource planning system implemented by the UN in 2015. This intrusion took place over an extended period of time. Investigators determined that the UN’s systems were first accessed by hackers on April 5, 2021, and that network intrusions continued to take place until August 7.
Individual Impact: No information was available at press time to clarify what type of data was stolen.
Customers Impacted: Unknown
How It Could Affect Your Customers’ Business: This is a big target that regularly handles and sensitive data. The fact that it took several months to detect an intrusion is worrying.
Source: Infosecurity Magazine