The target: The United Nations
The take: 400GB of data including: internal documents and emails, human resource records, database access, commercial information, and Active Directory access.
The attack vector: The threat actors used compromised 42 servers in total when they were able to exploit a known remote code vulnerability in Microsoft Sharepoint. This let the attackers move freely within all of the IT systems. A patch was released a few months prior to the breach, but the U.N’s IT department failed to deploy the patch when it was released, leaving a significant timeframe in which their systems were vulnerable.
This breach highlights the critical importance of maintaining an inventory of internal systems and software, and ensuring those systems are kept up-to-date. Security vulnerabilities can be exploited as soon as they’re identified, underlining the importance of adhering to a regular and frequent patching schedule.