AidInfoSec

Attack detail

Attack Date: Tuesday 09 November 2021
Location: Switzerland (Geneva)
Target organisation: International Committee of the Red Cross
Attack category: Active attack
Surface: Unknown
Type: Unknown

Additional notes on attack

The attack was made on the servers of an ICRC external data contractor, housed in Switzerland. "We know that the attack was targeted because the attackers created code designed solely for execution on the concerned ICRC servers, a technique we believe was designed to shield the hackers' activities from detection and subsequent forensic investigations [..] unpatched critical vulnerability*** in an authentication module (CVE-2021-40539). This vulnerability allows malicious cyber actors to place web shells and conduct post-exploitation activities such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files. Once inside our network, the hackers were able to deploy offensive security tools which allowed them to disguise themselves as legitimate users or administrators. This in turn allowed them to access the data, despite this data being encrypted." (ICRC)

Harm: Harm to digital capacity, Other, Reputational harm
Notes: Harms linked to data breach - Servers hosting personal data belonging to more than 515,000 people worldwide had been hacked incl IDPs, other vulnerable people. Reputational harm - damages ICRC's reputation as responsible and trustworthy custodian of data
Future harms: Reputational harm
Resolution/Recovery: ICRC shut down servers, computers to deny attack spread
Actor type: Unknown
Attacker agenda: Other: "We cannot ascertain who is behind this attack or why it was carried out, and we will not speculate about this. We have not had any contact with the hackers and no ransom ask has been made"
Attacker location: Cornwall