UN aviation agency investigating 'potential' security breach
On Monday, the United Nations' International Civil Aviation Organization (ICAO) announced it was investigating what it described as a "reported security incident."
Established in 1944 as an intergovernmental organization, this United Nations agency works with 193 countries to support the development of mutually recognized technical standards.
"ICAO is actively investigating reports of a potential information security incident allegedly linked to a threat actor known for targeting international organizations," ICAO said in a statement.
"We take this matter very seriously and have implemented immediate security measures while conducting a comprehensive investigation."
The UN agency says it will provide more information after it finishes its preliminary investigation into this potential breach.
Although ICAO has not yet provided specific details on what triggered this ongoing investigation, this announcement comes two days after a threat actor named "natohub" leaked 42,000 documents reportedly stolen from ICAO on the BreachForums hacking forum.
According to natohub's claims, the allegedly stolen documents contain names, dates of birth, addresses, phone numbers, email addresses, and education and employment information. Another threat actor says the archive contains 2GB of files with information on 57,240 unique emails.
An ICAO spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.
This comes after another UN agency, the United Nations Development Programme (UNDP), began investigating a cyberattack in April 2024 after a cyberattack claimed by the 8Base ransomware gang—the UNDP has yet to provide an update on the investigation.
In January 2021, the United Nations Environmental Programme (UNEP) also disclosed a data breach after more than 100,000 employee records with personally identifiable information (PII) were exposed online.
UN networks in Vienna and Geneva were also breached in July 2019 using a Sharepoint exploit. The attackers gained access to staff records, health insurance, and commercial contract data in what a UN official later described as a "major meltdown."
PhishWP Plug-in Hijacks WordPress E-Commerce Checkouts
Telegram hands over data on thousands of users to US law enforcement
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability
CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability
CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
InformationalRetrieved from Cache
LowInsufficient Site Isolation Against Spectre Vulnerability
InformationalInformation Disclosure - Information in Browser sessionStorage
InformationalNon-Storable Content
Free online web security scanner
