An Update To The Hack Of The International Committee of the Red Cross Has Been Provided…. And It’s Interesting

The International Committee of the Red Cross (ICRC) has updated its statement today regarding the attack to its servers that occurred last month which gave attackers access to the personal information on over 515K people in the “Restoring Family Links” program. ICRC has disclosed that the threat actors which breached their systems used tactics and custom hacking tools “designed for offensive security” and obfuscation techniques to evade detection, usually linked to state-backed APT groups. ICRC also noted the targeted nature of the attack was made evident by the attackers’ use of “code designed purely for execution on the targeted ICRC servers” and using the targeted servers’ MAC address.

Saryu Nayyar, CEO and Founder, Gurucul had this to say:

“One can only guess the nefarious purpose for a state-sponsored attack on a charitable organization and stealing personal data on individuals and families in need. However, it does show that no institution is off limits for malicious threat actors regardless of their ultimate intent. While the malware was detected via a recently installed EDR agent, the attackers were able to hide their activity and prolong their presence once inside by posing as legitimate users. Organizations must employ more advanced solutions and automated detection capabilities including those that focus on user behaviours in order to more quickly escalate abnormal behaviors, communications or transactions. In this case, unusual activity posing as legitimate users could have been detected sooner thereby preventing as much data theft as was accomplished.”

I really don’t understand why anyone would want to hack the ICRC. But having said that, this shows anyone and everyone can be a target. Thus anyone and everyone should be preparing defences against any and all attacks regardless of who the threat actor is.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: