Cyberattack against the Red Cross: we know more about this massive hack


The personal information of more than 515,000 people could be compromised. The attack, of a very advanced kind, was meticulously prepared to target the servers of the International Committee of the Red Cross (ICRC).

As we reported last January, the Red Cross was the victim of a major cyberattack. This Wednesday, February 16, the organization took stock of what it currently knows and was particularly transparent about it. “We feel it is our responsibility, as a humanitarian organization accountable to our partners and the people we serve, to share what information we can about this hack,” the NGO says in a press release.

A country behind the attack?

According to initial information, the hackers brought “considerable resources” to bear to achieve their ends. The criminals reportedly used advanced hacking techniques worthy of a state-affiliated group. The tools used to penetrate the association’s servers are reportedly not publicly available.

Likewise, the attack was designed specifically for the services of the Red Cross, as shown by a “piece of code” developed so that the program runs only on a specific machine, identified by its MAC address, a unique identifier. The security systems in place on the servers were tricked by the hackers’ malware.

The critical data of 515,000 people

The attack was detected in January 2022 by the ICRC, 70 days after the first intrusion on November 9, 2021. The attackers were able to penetrate the computer system of the Red Cross by exploiting a flaw (CVE-2021-40539) that was unpatched at the time. Once in the network, the hackers performed a privilege escalation to gain access to a higher level of control.

As for the stolen data, the NGO estimates that the personal information of 515,000 individuals around the world is involved. “Those concerned are missing persons and their families, detainees and other persons benefiting from the services of the Red Cross and Red Crescent Movement due to armed conflict, natural disaster or migration,” says the ICRC.

For the time being, no data leaks have been identified on the deep web, a parallel internet popular with cybercriminals. To prevent any new attacks, the humanitarian aid association has reinforced its internal security by setting up two-factor authentication and an “advanced threat detection solution”. The institution says it has been in contact, since the discovery of the hack, with the National Center for Cybersecurity (NCSC) of Switzerland and several firms specializing in cybersecurity. As for the identity and motivations of those behind this cyberattack, the ICRC does not wish to “speculate” on the matter.


