The International Committee of the Red Cross (ICRC) has confirmed that the recent cyberattack that compromised the data of more than 515,000 “highly vulnerable” people was likely the work of state-sponsored hackers.
In an update, the ICRC confirmed that the initial intrusion dates back to November 9, 2021, two months before the attack was disclosed on January 18.
“The attackers used a very specific set of advanced hacking tools designed for offensive security. These tools are primarily used by advanced persistent threat (APT) groups, are not available publicly and therefore out of reach to other actors,” the Red Cross said late on Wednesday.
The attackers used sophisticated obfuscation techniques to hide and protect their malicious programs.
“This requires a high level of skills only available to a limited number of actors,” the Red Cross added.
The hackers were able to enter its network and access systems by exploiting an unpatched critical vulnerability.
“Once inside our network, the hackers were able to deploy offensive security tools which allowed them to disguise themselves as legitimate users or administrators. This in turn allowed them to access the data, despite this data being encrypted,” according to the Red Cross.
The breach included personal data such as names, locations, and contact information of more than 515,000 people from across the world.
The people affected include missing people and their families, detainees, and others receiving services from the Red Cross and Red Crescent Movement due to armed conflict, natural disasters, or migration.
“We do not believe it is in the best interest of the people whose data this is to share further details about who they are, where they are or where they came from,” said the Red Cross.
The Red Cross said it has partnered with key technology partners and highly specialized firms to help it navigate through the crisis.