The UN International Civil Aviation Organization (ICAO) is currently investigating reports of a potential information security incident, the agency has confirmed.
IN publish on the ICAO websiteThe agency said the incident may be related to a well-known threat actor with experience of attacking international organizations.
ICAO stressed the seriousness of the reports and said it immediately took steps to ensure its own safety. A comprehensive investigation into the incident is also underway, ICAO writes.
The agency’s statement says ITPro that between April 2016 and July 2024, the incident involved approximately 42,000 job application records. The attacker, known as “Natohub”, claimed to have made these recordings public.
ICAO said the hacked data included names, email addresses, dates of birth and employment history of applicants. The data does not include financial information, passwords, passport details or any uploaded documents.
“We can confirm that this incident is limited to the recruitment database and does not affect any aviation security-related systems,” ICAO said.
“Our investigation and response efforts continue and we have implemented additional security measures to protect our systems. We are also working to identify and notify affected individuals,” it added.
“ICAO takes the privacy and security of personal information extremely seriously. We will provide further updates as our investigation progresses.”
ICAO was created in 1944 and serves 193 member countries as part of its role at the UN focused on creating a global network of air mobility and international air transport.
In 2019 Lockheed Martin analyst discovered that ICAO was the victim of a “watering hole” cyber attack, in which hackers identify a website commonly visited by employees of their target organization and compromise it for distribution malware.
Hackers were reportedly able to compromise mail servers to gain access to administrator accounts, affecting mail servers and system administrator accounts.
Reporting CBC suggested that ICAO attempted to cover up the attack, citing internal documents that the publication also found to indicate the attack was carried out by a China-based threat group.
ITPro contacted ICAO directly for a statement regarding the incident.