Image: United Nations Development Programme

UN agency says data stolen in ransomware attack

The United Nations Development Programme was hit with a ransomware attack, the agency confirmed Wednesday. 

A spokesperson for UNDP told Recorded Future News that a locally hosted server was targeted and data was stolen. 

“For UNDP, this included the personally identifiable information of some past and current personnel and procurement information relating to some suppliers and other contractors,” the spokesperson said. “UNDP has notified those affected individuals and entities for whom we have current contact information, and we will continue to inform those impacted as we learn more. We currently have no evidence of actual or attempted misuse of the stolen information.”

When asked whether UNDP would pay a ransom, the spokesperson said they do not “engage with threat actors” and that “no ransom has or will be paid.”

Two weeks ago, the 8Base ransomware gang claimed it attacked UNDP, threatening to leak an undisclosed amount of data taken from the organization’s systems. The data was published on April 3.

The agency works on projects in 170 countries to address poverty and inequality. 

The organization released a public notice about the incident this week, explaining that “local IT infrastructure in UN City, Copenhagen was targeted.”

“On March 27, UNDP received a threat intelligence notification that a data-extortion actor had stolen data which included certain human resources and procurement information,” the organization said, reiterating that it is still investigating the incident. 

Multiple international humanitarian organizations have faced attacks by state-backed hackers and ransomware gangs in recent years.

Both the International Committee for the Red Cross and Amnesty International were targeted by state-backed groups allegedly tied to China. The Norwegian Refugee Council, Save the Children International and several other organizations have also dealt with hacks that involved the theft of sensitive data. 

Over Christmas, a ransomware gang attacked a global Christian organization that provides humanitarian support worldwide. The International Centre for Migration Policy Development — which has observer status at the United Nations and works with several UN agencies — was targeted by an extortion group in 2022.

The 8Base ransomware gang is a fairly new group that experts believe is staffed by experienced hackers. While a 2023 VMware report tied the gang to other ransomware operations, several experts said the links may simply be a matter of 8Base plagiarizing other ransom notes and website designs.

The group recently took credit for an attack on a U.S. government fisheries management organization.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.