In a press release published On February 16, 2022, the ICRC (International Committee of the Red Cross) released many details about the cyberattack that hit La Croix Rouge a month ago. It’s about a surgery which suggests that a state actor could be behind the attack.
Suspicions turn to a state actor
At the end of January 2022, the servers hosting the personal data belonging to more than 515,000 people worldwide were hacked in a sophisticated cyberattack. After a month of analysis, the ICRC is now able to share the details of this cyberattack. In the press release of the humanitarian organization, we learn that “the hackers used considerable resources to gain access to our computer systems and used tactics that most detection tools would not have detected”.
Ukraine’s Ministry of Defense hit by cyberattack
The tools used by the hackers in question are generally used by so-called groups “advanced”. They are not publicly available, as is the case with ransomware with the growing trend of RaaS (ransomware-as-a-service). The findings of the ICRC and the high level of skills available to the hackers behind this cyberattack suggest that a state actor could be behind the operation. We can read that “the attackers created a piece of code designed only to be executed on the Red Cross servers”.
515,000 people referenced in the computer systems of the Red Cross are concerned
The anomaly was detected approximately 70 days after the attack, on January 18, 2022. Analysis shows that the breach took place on November 9, 2021. The ICRC specifies that “detecting such a large and complex breach usually takes time. The average time to identify a data breach of this level is 212 days. In its press release, the Red Cross reiterated its call on pirates to “not to share, sell, disclose or use this data in any way”. As no ransom has been claimed, we can unfortunately think that the data may leak.
The hackers obtained names, postal addresses and telephone numbers from 515,000 people worldwide. Among those affected, the Red Cross specifies that there are missing persons and their families, detainees and other people benefiting from the services of the Red Cross and Red Crescent movement following armed conflict or natural disaster. For the moment, no trace of this data has been found on the dark web.
The ICRC ensures that improvements will be made to the security systems, in particular the establishment of a new two-factor authentication process and the use of an advanced threat detection solution.