UN hack: Experts monitoring violations of sanctions on North Korea hit by 'sustained' cyberattack
The panel chair described the breach as part of a "sustained cyber campaign".
Experts monitoring violations of sanctions on North Korea for the United Nations were reportedly hit with a "sustained" cyberattack by unknown hackers earlier this month. The mysterious hackers "with very detailed insight" into the panel's work managed to infiltrate the computer belonging to one of the experts on 8 May, Reuters reports.
In a warning email to UN officials and the UN Security Council's North Korea sanctions committee - also known as the 1718 committee - the panel chair described the breach as part of a "sustained cyber campaign".
The chair of the panel of experts said a zip file with a "highly personalised message" was sent to one of the investigators "which shows the hackers have a very detailed insight into the panel's current investigations structure and working methods".
"As a number of 1718 committee members were targeted in a similar fashion in 2016, I am writing to you all to alert you to this heightened risk," the panel chair wrote.
Another email sent by the UN sanctions committee secretary to the 15 Security Council members on 10 May said the UN Office of Information and Communications Technology was "conducting an analysis of the affected hard drive".
"Increased vigilance relating to 1718 Committee-related correspondence is therefore advised until data analysis and related investigations are completed," the email read.
The extent of the breach and suspected actors behind the attack are still unclear.
A spokesman for the Italian Mission to the UN - which chairs the 1718 committee - told Reuters on Friday (18 May), that one of the members of the panel of experts was hacked.
Revelations of the breach come after the massive WannaCry ransomware attack that crippled companies across the globe earlier this month. The malicious ransomware ensnared over 300,000 computers in 150 countries around the world, encrypting millions of user files in exchange for a ransom.
Some security experts found similarities in an earlier version of the WannaCry ransomware code and previous hacking efforts by the North Korea-linked hacking collective Lazarus Group. The hacker group has been previously linked to the 2014 Sony Pictures hack as well as the $81m (£62.3m) heist from Bangladesh's central bank in 2016.
North Korea's Deputy Ambassador to the UN Kim In Ryong, however, dismissed allegations that Pyongyang was involved in the WannaCry cyberattack or the UN hack as "ridiculous".
"Relating to the cyberattack, linking to the [Democratic People's Republic of Korea], it is ridiculous," Kim told a press conference. "Whenever something strange happens, it is the stereotype way of the United States and the hostile forces that kick off noisy anti-DPRK campaign deliberately linking with DPRK."
Security firm Symantec said analysis of the early WannaCry attacks revealed "substantial commonalities in the tools, techniques, and infrastructure used by the attackers and those seen in previous Lazarus attacks, making it highly likely that Lazarus was behind the spread of WannaCry".
"Despite the links to Lazarus, the WannaCry attacks do not bear the hallmarks of a nation-state campaign but are more typical of a cybercrime campaign," experts wrote in a blog post. "These earlier versions of WannaCry used stolen credentials to spread across infected networks, rather than leveraging the leaked EternalBlue exploit that caused WannaCry to spread quickly across the globe."
© Copyright IBTimes 2024. All rights reserved.