Saturday, June 12, 2021

Researchers disclosed a security vulnerability in UNEP that affects 100k staff records

Today, researchers revealed a security vulnerability that let them access more than 100,000 private employee records of the United Nations Environmental Program (UNEP).

The data breach originated from exposed Git directories and credentials, which permitted the researchers to clone Git repositories and gather a large amount of personally identifiable information (PII) related to over 100k employees.

Git Directory exposes WordPress DB and Git credentials

Ethical hacking and security research company Sakura Samurai has now uncovered this vulnerability, which let them access the private information of more than 100,000 United Nations Environment Program (UNEP) employees.

The report and screenshots they shared give detailed information on the nature of this security vulnerability and everything that was exposed.

After reviewing the United Nations' Vulnerability Disclosure Program and InfoSec Hall of Fame, researchers Jackson Henry, Nick Sahler, John Jackson, and Aubrey Cottle of Sakura Samurai set out to hunt for security vulnerabilities affecting UN systems.

They then came across exposed Git directories (.git) and Git credential files (.git-credentials) on domains related to the UNEP and the United Nations' International Labour Organization (ILO).

The researchers were able to dump the contents of these Git files and clone entire repositories from the * and * domains using git-dumper.

The .git directory contents included sensitive files, such as WordPress configuration files (wp-config.php), exposing the administrators' information and database credentials.

Similarly, different PHP files exposed as part of this data breach contained plaintext database credentials related to other online systems of the UNEP and UN ILO.

In addition, the publicly accessible .git-credentials files enabled the researchers to get their hands on UNEP’s source code base.
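A defender-side check for the exposure described above, added here as an example and not taken from the researchers' report or from UNEP's tooling: it walks a web document root on your own server and flags the three artifacts the article names (a `.git` directory, a `.git-credentials` file, and PHP files with plaintext `DB_*` constants). The function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
from urllib.parse import urlsplit

# define('DB_PASSWORD', 'value') style constants, as found in wp-config.php.
DB_DEFINE = re.compile(
    r"""define\(\s*['"](DB_(?:NAME|USER|PASSWORD|HOST))['"]\s*,\s*['"]([^'"]*)['"]""")

def audit_webroot(root):
    """Return sorted (kind, relative_path, detail) findings; secrets are never echoed."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        if ".git" in dirnames:
            findings.append(("git-dir", os.path.normpath(os.path.join(rel, ".git")),
                             "repository metadata inside the served tree"))
            dirnames.remove(".git")  # no need to walk the object store
        for name in filenames:
            path = os.path.join(dirpath, name)
            relpath = os.path.normpath(os.path.join(rel, name))
            if name == ".git-credentials":
                # git's credential store keeps one URL per line: scheme://user:secret@host
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for line in fh:
                        url = urlsplit(line.strip())
                        if url.password:
                            findings.append(("git-credential", relpath,
                                             f"{url.username}@{url.hostname} (rotate)"))
            elif name.endswith(".php"):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    keys = sorted({m.group(1) for m in DB_DEFINE.finditer(fh.read())
                                   if m.group(2)})
                if "DB_PASSWORD" in keys:
                    findings.append(("db-credential", relpath, ",".join(keys)))
    return sorted(findings)

def build_sample(root):
    """Write a constructed document root; every value below is made up."""
    os.makedirs(os.path.join(root, ".git"))
    files = {".git/HEAD": "ref: refs/heads/main\n",
             ".git-credentials": "https://deploy-bot:CONSTRUCTED-TOKEN@git.example.org\n",
             "wp-config.php": "<?php\ndefine('DB_USER', 'wp');\n"
                              "define( 'DB_PASSWORD', 'constructed-secret' );\n",
             "index.php": "<?php echo 'ok';\n"}
    for rel, body in files.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    print(*audit_webroot("."), sep="\n")  # audit the current directory
```

Any finding means the deployment is shipping repository metadata or secrets into the served tree; the credentials listed should be rotated, not just removed from disk.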

Exfiltrated data of over 100,000 employees

Using these credentials, researchers were able to exfiltrate the private information of over 100,000 employees from multiple UN systems.

The data set obtained by the group exposed travel history of UN staff, with each row containing: Employee ID, Names, Employee Groups, Travel Justification, Start and End Dates, Approval Status, Destination, and the Length of Stay.

[Image: UN employee travel history (100k+ records) exfiltrated by researchers. Source: Sakura Samurai]

Likewise, other UN databases accessed by the researchers as a part of their analysis exposed HR demographic data (nationality, gender, pay grade) on thousands of employees, project funding source records, generalized employee records, and employment evaluation reports.

[Image: Redacted HR demographic data of 7,000+ UN employees. Source: Sakura Samurai]

In an email interview, the group said:

“When we started researching the UN, we didn’t think it would escalate so quickly. Within hours, we already had sensitive data and had identified vulnerabilities. Overall, in less than 24 full hours we obtained all of this data,” Sakura Samurai said.

“In total, we found 7 additional credential-pairs which could have resulted in unauthorized access of multiple databases.

We decided to stop and report this vulnerability once we were able to access PII that was exposed via Database backups that were in the private projects,” state the researchers in their blog post.

Threat actors likely already accessed the data

The researchers shared a series of emails that showed they had originally reported the vulnerability to the UN privately on January 4th, 2021.

UN Office of Information and Communications Technology (OICT) initially acknowledged their report, but, without realizing the vulnerability concerned UNEP, responded:

“The reported vulnerability does not pertain to the United Nations Secretariat, and is for ILO (International Labour Organization),” according to the emails seen by us, something the UN has been known to do in the past.

Eventually, according to these emails, Saiful Ridwan, Chief of Enterprise Solutions of UNEP, thanked the researchers for their vulnerability report while stating that their DevOps team had taken immediate steps to patch the vulnerability and that an impact assessment of this vulnerability was ongoing.

Further, in a follow-up email seen by us, UNEP stated that a data breach disclosure notice was in the works but that it had been “challenging as we’ve not done this before.”

Overall, the researchers said, the United Nations was quick to patch this security issue, doing so in under a week.

“Honestly, I commend Saiful for the fast fixes. Albeit he stated that this was fairly new to him, they patched in record speed and secured the info.”

“At this point, our only concern is informing the affected users. Particularly, Aubrey Cottle A.K.A. Kirtaner had noted that if it had been this easy to get the info, threat actors likely have already got the info.”

“The group was in agreement that the UNEP should analyze the trajectory of the exposed PII to work out what percentage threat actors, if any, have the info,” Sakura Samurai founder John Jackson said.

This is not the first time UN systems have suffered a data breach.

In 2019, the UN didn’t disclose a cyberattack that had severely compromised their networks and databases.

In 2020, a disclosure finally came out from the UN which pinned the blame for the hack on a SharePoint vulnerability.

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.