UN aviation body investigates potential data breach

The UN’s International Civil Aviation Organization (ICAO) is currently investigating reports of a potential information security incident, the agency has confirmed.

In a post on the ICAO’s website, the agency said that the incident may be linked to a known threat actor with a track record of targeting international organizations.

The ICAO underlined the seriousness of the reports and stated that it immediately took steps to secure itself. It is also conducting a comprehensive investigation into the incident, the ICAO wrote.

The agency told Reuters that the investigation was related to a claim reportedly made on a hacker forum. The ICAO stated further information will be provided once the preliminary investigation is complete.

A post made on 6 January suggested that 42,000 records had been stolen from the ICAO but did not elaborate or provide further insight into the methodology of the attack.

In the post, a user known as ‘natohub’ claimed the records included sensitive information such as users’ full names, birth dates, addresses, phone numbers, email addresses, and employment information.

“At this early stage of our investigation, we cannot provide additional details about the incident or confirm specific claims about the data potentially involved,” the ICAO said.

The ICAO was formed in 1944 and serves 193 member countries as part of its role in the UN, focused on establishing a network of global air mobility and international air transport.

In 2019, an analyst at Lockheed Martin discovered that the ICAO had been the victim of a ‘watering hole’ cyber attack, in which hackers identify a website that is commonly visited by employees of their target organization and compromise it to distribute malware.

Hackers were reportedly able to compromise mail servers to obtain access to admin accounts, affecting mail servers and system administrator accounts.

Reporting by CBC suggested the ICAO attempted to cover up the attack, citing internal documents the publication saw that also indicated the attack was perpetrated by a China-based threat group.

ITPro has approached the ICAO directly for a statement on the incident.