State-sponsored hackers compromised data of over five lakh people. Red Cross confirms state-sponsored hackers have compromised the data of more than five lakh people
Digital Desk, New Delhi. The International Committee of the Red Cross (ICRC) has confirmed that a recent cyber attack that compromised the data of over 515,000 highly vulnerable people was likely the work of state-sponsored hackers.
In an update, the ICRC has confirmed that the initial intrusion is dated November 9, 2021, two months before the attack was disclosed on January 18.
The attackers used a very specific set of advanced hacking tools designed for offensive security, the Red Cross said late Wednesday. These tools are primarily used by advanced persistent threat (APT) groups, are not publicly available and therefore out of reach of other actors.
Attackers used sophisticated obfuscation techniques to hide and protect their malicious programs.
It requires a high level of skill for only a limited number of actors, the Red Cross said.
Hackers were able to penetrate its network and access systems by exploiting an unpatched critical vulnerability.
According to the Red Cross, once inside our network, hackers were able to deploy offensive security tools that allowed them to disguise themselves as legitimate users or administrators. This in turn allowed them to access the data even though it was encrypted.
The breach involved personal data such as names, locations and contact information from more than 515,000 people around the world.
Affected people include missing people and their families, prisoners and others receiving services from the Red Cross and Red Crescent Movement as a result of armed conflict, natural disasters or migration.
The Red Cross said, “We do not believe it is in the best interests of those whose data is to share more information about who they are, where they are or where they came from.”
The Red Cross said it has partnered with leading technology partners and highly specialized firms to help combat the crisis.