At the end of March, the United Nations Development Program (UNDP) was the victim of a cyber attack that also affected the IT infrastructure of the city of Copenhagen, Denmark.
UNDP has received news of a data extortion stealing his data, some of which related to human resources and procurement.
As the agency continues to assess the scope of the attack, UNDP noted in a statement that “actions were immediately taken to identify a potential source and contain the affected server.”
UNDP has determined what data was exposed and who is at risk from the breach. He has also been in contact with those affected, as well as interested parties, such as partners in the United Nations system.
Although UNDP did not confirm who the perpetrator of the threat was, 8Base, a ransomware gangupdated its website in early April, listing the UNDP as one of its victims, together with three other entities. The group commented that information such as personal data, certificates, “a huge amount of confidential information” and invoices, among other things, were uploaded to the servers.
UNDP made no further comment and did not clarify whether a ransom was demanded or paid.