UN hacked: Attackers got in via SharePoint vulnerability
Last summer the UN’s database was compromised when hackers broke into 40 UN servers in offices located in Geneva and Vienna, obtaining access to sensitive data that could result in serious and far-reaching repercussions for staff and individuals associated with the UN. However, the UN failed to share the implications and details of the attack with authorities or the public until now, when TNH reporters uncovered a confidential report by the UN.
The attack started in July of 2019 when threat actors compromised a server at the UN Office in Vienna through a vulnerability in Microsft SharePoint that was later patched. The security hole was named CVE-2019-0604 and allowed the attackers to view active directories of individuals associated with the UN as well as other highly sensitive information. The hole was not patched by the UN IT staff after a month of the release of the patch.