Quote:A threat actor used stolen credentials from a United Nations employee to breach parts of the UN’s network in April and steal critical data, a spokesman for the intergovernmental organization has confirmed.
That data lifted from the network can be used to target agencies within the UN, which already has experienced and responded to “further attacks” linked to the breach, Stéphane Dujarric, spokesman for the UN Secretary-General, told Bloomberg, which broke the news in a report published Thursday.
“We can confirm that unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021,” Dujarric said, according to the report. “The United Nations is frequently targeted by cyberattacks, including sustained campaigns.”
In another high-profile attack in January 2020, the operators behind the notorious Emotet malware took aim at the UN with a concerted phishing campaign, the intent of which was to steal credentials and deliver the TrickBot trojan. The attack ultimately was found to be the result of a Microsoft SharePoint flaw, allowing attackers to steal 400 GB of sensitive data.
Read more: Stolen Credentials Led to Data Theft at United Nations | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
