Turbulence at UN aviation agency as probe into potential data theft begins

Crime forum-dweller claims to have leaked 42,000 documents packed with personal info


The United Nations' aviation agency is investigating "a potential information security incident" after a cybercriminal claimed they had laid hands on 42,000 of the branch's documents.

The International Civil Aviation Organization (ICAO) said in a limited statement on Monday that the suspected incident could be linked to "a threat actor known for targeting international organizations."

"We take this matter very seriously and have implemented immediate security measures while conducting a comprehensive investigation," it added.

"Further information will be provided once our preliminary investigation is complete."

The claims were made by an individual using the Natohub alias on a popular cybercrime forum. They claimed the data, which is available to purchase for a nominal fee, includes various personal information on individuals.

Full names, dates of birth, full home addresses, phone numbers, primary and secondary email addresses, marital status, genders, education backgrounds, and employment information are all allegedly compromised.

Natohub has a history of taking credit for attacks on other high-profile organizations, such as the US military and the United Nations itself, neither of which ever confirmed the veracity of the leaker's claims.

The Register requested additional updates on the investigation, which the ICAO said began on Monday, but the agency did not immediately respond. It told Reuters that it wouldn't be commenting any further until its provisional investigation was completed.

The Canada-based agency oversees the aviation relationships between 193 countries, offering technical and diplomatic guidance to ensure innovations in the sector are deployed effectively across the world.

Its last security incident came in 2016 when it became the victim of an attack where watering holes were set up on its own website and that of Turkey's treasury board.

For the uninitiated, a watering hole attack is one where frequently visited sites are poisoned with malware that's then used to gain access to victims' systems.

The details of the incident, however, emerged three years later in a report from public broadcaster CBC, which claimed the ICAO attempted to cover up the incident altogether – a claim the agency's communications chief, Anthony Philbin, didn't deny at the time.

Philbin said the decisions following the event were made after reviewing evidence presented by two outside expert parties and that the agency made "robust improvements" to its cybersecurity posture in response.

The report also alleged that the agency's network was riddled with vulnerabilities that should have been addressed years before the 2016 exploit transpired. ®
