The United Nations Development Programme (UNDP), the UN’s lead agency on international development, announced that it’s investigating a “cybersecurity incident” in Copenhagen, Denmark. Hackers managed to steal human resources and procurement information.
According to the issued statement, on March 27th, UNDP received a threat intelligence notification that a data-extortion actor had stolen data. The threat actors managed to get their hands on certain human resources and procurement information.
“UNDP recently experienced a cyberattack, in which local IT infrastructure in UN City, Copenhagen was targeted,” the announcement reads. “Actions were immediately taken to identify a potential source and contain the affected server as well as to determine the specifics of the exposed data and who was impacted.”
Two weeks ago, on April 3rd, the ransomware gang 8Base listed UNDP as a victim on its dark web site. The gang said it had uploaded “a huge amount of confidential information,” together with other data such as invoices, receipts, accounting documents, personal data, certificates, employment contracts, and personal files.
Based at the United Nations Headquarters in New York City, UNDP is the largest UN development aid agency, with offices in 177 countries. Since 1966, UNDP has partnered with people at all levels of society to help build nations that can withstand crises.
“UNDP is currently conducting a thorough assessment of the nature and scope of the cyberattack, and we have maintained ongoing communication with those affected by the breach so they can take steps to protect their personal information from misuse,” UNDP’s statement reads.
The 8Base ransomware group, in its current form, emerged in early 2023, though smaller operations can be traced back to 2022. Although it is a fairly new group, 8Base was among the top five most active ransomware gangs in the last six months, posting 156 victims in total, according to the Cybernews Ransomlooker tool.
According to SentinelOne, 8Base ransomware campaigns have targeted numerous industries, including finance, manufacturing, information technology, and healthcare. To date, most victims are within the United States and Brazil. The gang’s initial access methods vary, with delivery via phishing email and the use of initial access brokers (IABs) both being observed.