Hackers breached the United Nations’ computer networks earlier this year and made off with a trove of data that could be used to target agencies within the intergovernmental organization.
The hackers’ method for gaining access to the U.N. network appears to be unsophisticated: They likely got in using the stolen username and password of a U.N. employee purchased off the dark web.
The credentials belonged to an account on the U.N.’s proprietary project management software, called Umoja. From there, the hackers were able to gain deeper access to the U.N.’s network, according to cybersecurity firm Resecurity, which discovered the breach. The earliest known date the hackers obtained access to the U.N.’s systems was April 5, and they were still active on the network as of Aug. 7.