UN aviation agency investigating 'potential' security breach

​On Monday, the United Nations' International Civil Aviation Organization (ICAO) announced it was investigating what it described as a "reported security incident."

Established in 1944 as an intergovernmental organization, this United Nations agency works with 193 countries to support the development of mutually recognized technical standards.

"ICAO is actively investigating reports of a potential information security incident allegedly linked to a threat actor known for targeting international organizations," ICAO said in a statement.

"We take this matter very seriously and have implemented immediate security measures while conducting a comprehensive investigation."

The UN agency says it will provide more information after it finishes its preliminary investigation into this potential breach.

Although ICAO has not yet provided specific details on what triggered this ongoing investigation, this announcement comes two days after a threat actor named "natohub" leaked 42,000 documents reportedly stolen from ICAO on the BreachForums hacking forum.

​According to natohub's claims, the allegedly stolen documents contain names, dates of birth, addresses, phone numbers, email addresses, and education and employment information. Another threat actor says the archive contains 2GB of files with information on 57,240 unique emails.

An ICAO spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.

This comes after another UN agency, the United Nations Development Programme (UNDP), began investigating a cyberattack in April 2024 after a cyberattack claimed by the 8Base ransomware gang—the UNDP has yet to provide an update on the investigation.

In January 2021, the United Nations Environmental Programme (UNEP) also disclosed a data breach after more than 100,000 employee records with personally identifiable information (PII) were exposed online.

UN networks in Vienna and Geneva were also breached in July 2019 using a Sharepoint exploit. The attackers gained access to staff records, health insurance, and commercial contract data in what a UN official later described as a "major meltdown."