The United Nations has confirmed to have been hacked in, what looks like, a state-sponsored espionage operation.
According to a confidential internal document cited by The New Humanitarian and Associated Press, dozens of servers at the UN offices were infiltrated, leading to 400GB worth of confidential data being compromised.
Last July, hackers exploited Microsoft SharePoint flaw
While the matter is just coming to the fore, the hack actually took place in July 2019 when an unauthorized party exploited a security vulnerability in Microsoft's SharePoint, using an unknown strain of malware.
The breach gave them access to dozens of servers at the UN's Geneva and Vienna offices, as well as the Office of the United Nations High Commissioner for Human Rights.
After the incident was reported, a UN spokesperson issued a statement saying that "the attack resulted in a compromise of core infrastructure components" but "the exact nature and scope of the incident could not be determined."
An official familiar with the matter also reiterated the same, claiming that the full extent of personal, secret or confidential information stolen from the hack still remains unclear.
This is also why the details were not publicly disclosed
As the full scope of the attack was not clear, the United Nations chose to keep the matter under wraps, a move being criticized by many people. The organization didn't even reveal anything to its own employees, except asking them to change their passwords.
The systems compromised in the hack have now been fixed and their security has been reinforced. However, the attack - second against the UN in recent years - raises questions over the cybersecurity practices followed by the organization and calls for closer scrutiny.