Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?



United Nations Agency Investigating Ransomware Attack Involving Data Theft

United Nations Development Programme (UNDP) investigating a ransomware attack in which hackers stole sensitive data.

The United Nations Development Programme (UNDP) announced this week that it’s investigating a cyberattack that resulted in information getting compromised.

In a statement, the organization said the attack targeted local IT infrastructure in UN City, the Copenhagen-based complex that houses nearly a dozen UN agencies. 

The UNDP said it learned on March 27 that a “data-extortion actor had stolen data which included certain human resources and procurement information”.

“Actions were immediately taken to identify a potential source and contain the affected server as well as to determine the specifics of the exposed data and who was impacted,” the agency said.

“UNDP is currently conducting a thorough assessment of the nature and scope of the cyber-attack, and we have maintained ongoing communication with those affected by the breach so they can take steps to protect their personal information from misuse. Additionally, we are continuing efforts to contact other stakeholders, including informing our partners across the UN system,” it added.

While UNDP has not shared any additional information on the incident, the organization was apparently targeted in a ransomware attack conducted by a group named 8base

The UNDP was listed on 8base’s Tor website on March 27. The hackers appear to have published the files allegedly stolen from the UN agency roughly one week later. They claim to have obtained invoices, receipts, accounting documents, certificates, confidential agreements, employment contracts, and personal information. 

However, when this article was being written, the link pointing to the stolen UNDP files was not working.

Advertisement. Scroll to continue reading.

UNDP has likely refused to pay any ransom, considering that the files were published shortly after the organization was named as a victim. 

Related: United Nations Environment Programme Exposed 100,000 Employee Records

Related: Leaked Report Shows United Nations Suffered Hack

Related: IMF: Financial Firms Lost $12 Billion to Cyberattacks in Two Decades

Related: UN Adopts Resolution Backing Efforts to Ensure Artificial Intelligence is Safe

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights