Malware
United Nations Agency Probes Devastating Ransomware Attack & Data Heist
The United Nations International Maritime Organization (IMO) is investigating a ransomware attack claimed by the 8Base hacking group. The IMO has assured that sensitive information remains secure and its essential services are operating, while cybersecurity experts work to restore systems and prevent future incidents.
Imagine you’re part of an organization that works tirelessly to help eradicate poverty and fight inequality and exclusion in over 170 countries. You rely on donations from UN member states and private sector/multilateral organizations to keep your mission going. Now, imagine waking up one day to find out that your IT systems have been breached, and sensitive human resources data has been stolen. That’s what happened to the United Nations Development Programme (UNDP).
In late March, the UNDP discovered that their local IT infrastructure in UN City, Copenhagen, had been hacked. They shared that the attackers had managed to steal certain human resources and procurement information. They quickly took action to identify the source, contain the affected server, and determine the specifics of the exposed data and who was impacted.
Now, the UNDP is investigating the nature and scope of the incident and assessing the attack’s impact on individuals whose information was stolen. They are also working with those affected by the breach, helping them protect their personal information from misuse.
The 8Base Connection
While the UNDP hasn’t pointed fingers at a specific threat group yet, the 8Base ransomware gang added a new UNDP entry to its dark web data leak website on the same day the breach was discovered. The attackers claim that the documents they managed to exfiltrate during the breach contain large amounts of sensitive information. The files they temporarily leaked via a now-expired link allegedly include personal data, accounting data, certificates, employment contracts, confidentiality agreements, invoices, receipts, and more.
8Base, which emerged in March 2022, saw a spike in activity in June 2023 as they began attacking companies across a broader range of industries and switched to double extortion. They launched their data leak site in May 2023, claiming to be “honest and simple” pen testers targeting “companies that have neglected the privacy and importance of the data of their employees and customers.” To date, this ransomware group has listed over 350 victims on its site, announcing up to six victims at once on some days. 8Base uses a customized version of Phobos ransomware, a malware that first surfaced in 2019 and shares many code similarities with Dharma ransomware.
It is worth noting that this isn’t the first time a UN agency has been hit by a cyberattack. The United Nations Environmental Programme (UNEP) disclosed a data breach in January 2021 after over 100,000 employee records containing personally identifiable information (PII) were exposed online. UN networks in Geneva and Vienna were also breached in July 2019 via a Sharepoint vulnerability, exposing staff records, health insurance, and commercial contract data in what a UN official described as a “major meltdown.”
Don’t Let This Happen to You – Act Now!
If there’s one thing we can learn from incidents like the UNDP breach, it’s that no organization is immune to cyberattacks. The best way to protect your organization is to stay vigilant and proactively assess your cybersecurity measures. As your trusted IT Services partner, we’re here to help you stay ahead of potential threats, ensuring your data and systems remain secure.
Don’t wait until it’s too late. Contact us today to discuss your cybersecurity needs and let’s work together to keep your organization safe. And make sure to keep coming back to learn more about the latest cybersecurity news and trends.