3 min Security

UN aviation body ICAO hacked, 42,000 records stolen

UN aviation body ICAO hacked, 42,000 records stolen

The International Civil Aviation Organization (ICAO), a United Nations agency, has been hacked. A cyber attack led to the leak of 42,000 records from its recruitment database.

ICAO announced on Monday that a security incident had occurred. The message has now been updated with more details. The 42,000 stolen records date from April 2016 to July 2024 and contain a variety of sensitive information. Personal names, e-mail addresses, dates of birth and job histories, among others, were captured. ICAO stresses that financial information, passwords, passport details and other documents were not compromised in the attack.

Systems otherwise secure

ICAO is responsible for shaping policy regarding international aviation and conducts research on the industry on behalf of the UN. The UN body promotes safety, efficiency and the further development of the aviation industry. Among many things, it also determines the international codes for airports, which are used by pilots and air traffic controllers worldwide.

Because the leak is said to have only affected the recruitment database, the damage may have been limited. This is still potentially dangerous, as the personal information could be used, for example, for credible phishing emails.

Claimed by ‘Natohub’

A user named ‘Natohub’ posted the 42,000 records on BreachForums, a popular destination for compromised data. Should it indeed be the stolen data, phone numbers were also captured. A total of 2 gigabytes of files and 57,240 emails were involved.

Michael Covington, VP of Portfolio Strategy at Jamf, sees that UN agencies are a prime target for cybercriminals. “While it appears that the attackers in this incident did not gain access to financial information, it is important that stakeholders remain vigilant and alert to potential social engineering attacks. These attackers can leverage applicant data to establish credibility with the victim.”

“Natohub is a relatively new attack group, having first made their presence known in June 2024. They have since attacked government agencies and claim to have stolen data from the U.S. Marine Corps, among others. In addition, they have previously been linked to an attack on the U.S. Department of Defense.”

“Attackers like Natohub primarily target international and government organizations in order to gain notoriety. In this case, it appears the data breach was limited to the recruitment database. It is crucial for any organization to minimize the impact of cyberattacks. We advise our clients to implement multiple layers of defense and good cyber hygiene, such as enforcing device compliance standards and implementing multi-factor authentication (MFA).”

Also read: Old LastPass hack again leads to 5 million euros in stolen crypto coins