The UN’s International Civil Aviation Organization (ICAO) is currently investigating reports of a potential information security incident, the agency has confirmed.
In a post on the ICAO’s website, the agency said that the incident may be linked to a known threat actor with a track record of targeting international organizations.
The ICAO underlined the seriousness of the reports and stated that it immediately took steps to secure itself. It is also conducting a comprehensive investigation into the incident, the ICAO wrote.
In a statement, the agency told ITPro that the incident involved around 42,000 recruitment application records from April 2016 to July 2024. The threat actor known as 'Natohub' claimed to have released these records.
The ICAO said that the breached data includes the names, email addresses, dates of birth, and employment history of applicants. The data does not include financial information, passwords, passport details, or any uploaded documents.
"We can confirm that this incident is limited to the recruitment database and does not affect any systems related to aviation safety or security operations," the ICAO said.
"Our investigation and response efforts continue, and we have implemented additional security measures to protect our systems. We are also working to identify and notify affected individuals," it added.
"ICAO takes the privacy and security of personal information extremely seriously. We will provide further updates as our investigation progresses."
The ICAO was formed in 1944 and serves 193 member countries as part of its role in the UN, focused on establishing a network of global air mobility and international air transport.
Protect your applications while focusing on your core business
In 2019, an analyst at Lockheed Martin discovered that the ICAO had been the victim of a ‘watering hole’ cyber attack, in which hackers identify a website that is commonly visited by employees of their target organization and compromise it to distribute malware.
Hackers were reportedly able to compromise mail servers to obtain access to admin accounts, affecting mail servers and system administrator accounts.
Reporting by CBC suggested the ICAO attempted to cover up the attack, citing internal documents the publication saw that also indicated the attack was perpetrated by a China-based threat group.
ITPro has approached the ICAO directly for a statement on the incident.
