The International Civil Aviation Organisation (ICAO) - a division of the United Nations was subjected to a cybersecurity breach recently.
Late on Monday evening [January 6, 2025], the ICAO publicly reported a security incident. In an official statement, the ICAO revealed that it’s actively investigating reports of a potential information security incident.
This cybersecurity is allegedly linked to a threat actor known for targeting international organisations, the statement reads.
“We take this matter very seriously and have implemented immediate security measures while conducting a comprehensive investigation,” the statement added.
42,000 Docs Compromised in Data Theft
The revelation comes after an individual on Sunday [January 5, 2025] going by the alias – Natohub claimed to have access to 42,000 documents from ICAO.
The hacker seems to be the successor of a site seized by the FBI in 2023 according to The Record.
Natohub claimed to have compromised the unauthorised personal sensitive data stolen from ICOA on the hacking forum called – BreachForums 2.
This hacker account was lodged officially six months ago. Just last month, it professed to have access to the personal information of 14,000 delegates to the United Nations, The Record’s report added.
Natohub claims to have gained access to ICAO personal records including full names, dates of birth, physical and email addresses, phone numbers, and details about the individuals’ education history and employment.
TechCrunch reported to have seen the sample of the stolen data on the forum and says that in addition to full names, dates of birth, home and email addresses, phone numbers, and education history details, the records also included information about ICAO employees.
Now, the ICAO is investigating the cyber threat and undertaking measures to tackle the incident.
Also Read: Brain Cipher Ransomware Gang responsible for Rhode Island RIBridges data breach
UN 2021 Data Breach
One of the biggest data breaches experienced by the UN was on 5 April 2021. The breach compromised 53 accounts on the United Nations computer network.
Hackers were able to gain unauthorised access to the system by obtaining employee login details from the dark web resulting in several attacks across different divisions of the UN.
The United Nations Development Programme (UNDP) was particularly targeted as part of this series of attacks on the international organisation. The attacks led to data theft and affected local IT infrastructure in UN City, Copenhagen according to Twingate.
Stéphane Dujarric, UN spokesperson confirming the cyber attack in a statement said that unknown attackers were able to breach parts of the United Nations infrastructure in April of 2021.
“We can also confirm that further attacks have been detected and are being responded to, that are linked to the earlier breach,” he stated.
Resecurity, a California-based cybersecurity company told CNN it contacted UN officials earlier this year after noticing the login credentials for sale on the dark web.
Dujarric told CNN that the UN had taken steps to mitigate the impact of the breach before Resecurity contacted the multinational body, but declined to elaborate.
Also Read: Taiwan Cyber Attacks Doubled in 2024, Report Cites Chinese Cyber Force
