An Update To The Hack Of The International Committee of the Red Cross Has Been Provided…. And It’s Interesting

The International Committee of the Red Cross (ICRC) today updated its statement regarding the attack on its servers that occurred last month, which gave attackers access to the personal information of over 515K people in the “Restoring Family Links” program. ICRC has disclosed that the threat actors who breached its systems used tactics, custom hacking tools “designed for offensive security” and obfuscation techniques to evade detection, an approach usually linked to state-backed APT groups. ICRC also noted that the targeted nature of the attack was made evident by the attackers’ use of “code designed purely for execution on the targeted ICRC servers” and by their use of the targeted servers’ MAC address.

Saryu Nayyar, CEO and Founder, Gurucul had this to say:

“One can only guess the nefarious purpose for a state-sponsored attack on a charitable organization and stealing personal data on individuals and families in need. However, it does show that no institution is off limits for malicious threat actors regardless of their ultimate intent. While the malware was detected via a recently installed EDR agent, the attackers were able to hide their activity and prolong their presence once inside by posing as legitimate users. Organizations must employ more advanced solutions and automated detection capabilities including those that focus on user behaviours in order to more quickly escalate abnormal behaviors, communications or transactions. In this case, unusual activity posing as legitimate users could have been detected sooner thereby preventing as much data theft as was accomplished.”

I really don’t understand why anyone would want to hack the ICRC. But having said that, this shows anyone and everyone can be a target. Thus anyone and everyone should be preparing defences against any and all attacks regardless of who the threat actor is.
