UN aviation agency ‘actively investigating’ cybercriminal’s claimed data breach

Avatar

The U.N.’s International Civil Aviation Organization (ICAO) announced late on Monday that it was “actively investigating reports of a potential information security incident” following a criminal claim to have breached the agency.

According to ICAO’s statement, the incident was “allegedly linked to a threat actor known for targeting international organizations.”

It follows the account “Natohub” claiming on the hacking forum BreachForums 2 — the successor to a site seized by the FBI in 2023 — to have compromised 42,000 documents from ICAO containing personal data.

The same account, which was registered only six months ago, had last month claimed to have accessed the personal data of 14,000 delegates to the United Nations.

According to Natohub, the ICAO personal records include full names, dates of birth, physical and email addresses, phone numbers, and details about the individuals’ education history and employment.

In its statement, the Montreal-based ICAO said: “We take this matter very seriously and have implemented immediate security measures while conducting a comprehensive investigation. Further information will be provided once our preliminary investigation is complete.”

CybercrimeNewsNews BriefsGovernmentIndustry
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 

Total
0
Shares
Previous Post

Blue Yonder says November ransomware attack not connected to Cleo vulnerability

Next Post

Pig butchering victim sues banks for allowing scammers to open accounts

Related Posts

New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally

Cybersecurity researchers have flagged a supply chain attack targeting over a dozen packages associated with GlueStack to deliver malware. The malware, introduced via a change to "lib/commonjs/index.js," allows an attacker to run shell commands, take screenshots, and upload files to infected machines, Aikido Security told The Hacker News, stating these packages collectively account for nearly 1
Avatar
Read More