United Nations investigating potential ransomware attack after data ripped from IT systems

UN Flag
(Image credit: Shutterstock / Alexandros Michailidis)

Hackers managed to break into the United Nations Development Programme (UNDP) IT systems in Copenhagen, stealing a wide range of sensitive data.

Ransomware gang 8Base has claimed responsibility, posting on its own website that the group had managed to get its hands on employment contracts, personal data, invoices and much more.

The UN is yet to point fingers at those responsible, but did issue a statement saying that the attack happened on March 27 - the same date 8Base listed the stolen data on its dark web site.

Yet another UN breach

In a statement the UN said, “On March 27, UNDP received a threat intelligence notification that a data-extortion actor had stolen data which included certain human resources and procurement information. Actions were immediately taken to identify a potential source and contain the affected server as well as to determine the specifics of the exposed data and who was impacted.”

As a large proportion of the data stolen contains information relating to employees of the UN, the organization is still assessing how many of its employees have been affected by the data theft but has said that it is working with victims of the breach to prevent their data being misused by the ransomware group.

The 8Base group operates using a bespoke version of the Phobos ransomware, and since beginning operations in early 2022 has successfully breached over 350 organizations.

While the hacking group claims some level of morality in its practice as an “honest and simple” group looking to expose organizations with less than adequate data security and privacy measures, their manipulative terms of service state that if victims involve any form of law enforcement in any capacity while negotiating payment, their data will be fully published on their site for all to see.

Via BleepingComputer

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.