
Cyber attack on ICRC

Servers hosting personal data belonging to more than 515,000 people worldwide were hacked in a sophisticated cyber attack.

Breach:

The incident was a sophisticated cyber attack in which servers hosting personal data belonging to over 515,000 individuals worldwide were compromised. The attackers used advanced hacking tools of the kind typically employed by advanced persistent threat (APT) groups, indicating a high level of sophistication and specialization. These tools are not publicly available and are beyond the reach of most actors.

To further conceal their activities, the attackers employed sophisticated obfuscation techniques to hide and protect their malicious programs. This level of skill is typically possessed by a limited number of actors with advanced expertise.

The attack appears to have been targeted: the attackers wrote code designed to execute only on the servers of the International Committee of the Red Cross (ICRC). The tools they used explicitly referenced a unique identifier of the targeted servers, such as their MAC address.

Although the ICRC had anti-malware tools installed on the compromised servers, these tools were only able to detect and block some of the files used by the attackers. The majority of the malicious files deployed were carefully crafted to bypass the ICRC’s anti-malware solutions. The intrusion was eventually discovered when advanced endpoint detection and response (EDR) agents were installed as part of an enhancement program.

The described attack highlights the importance of continuously enhancing cybersecurity measures to stay ahead of sophisticated threats. It also emphasizes the need for organizations to invest in advanced detection and response capabilities, as traditional security tools may not always be sufficient in detecting and mitigating such targeted attacks.

Further details underline the sophisticated and targeted nature of the attack:

The attackers utilized a specific set of advanced hacking tools that are typically employed by advanced persistent threat (APT) groups. These tools are not publicly available, making them inaccessible to most actors. This indicates that the attackers had significant resources at their disposal.

To evade detection, the attackers employed sophisticated obfuscation techniques, demonstrating a high level of skill and expertise. These techniques are typically known to a limited number of actors with advanced capabilities.

The attack was specifically tailored to target the ICRC servers, as the attackers created a piece of code designed solely for execution on these servers. The tools used by the attackers explicitly referenced a unique identifier, such as the MAC address of the targeted servers.

Although the ICRC had active anti-malware tools installed on the targeted servers, they were only able to detect and block some of the files used by the attackers. The malicious files deployed were specifically crafted to bypass the organization’s anti-malware solutions. It was only when advanced endpoint detection and response (EDR) agents were installed as part of a planned enhancement program that the intrusion was finally detected.

Furthermore, the hackers were able to gain entry to the network and access systems by exploiting an unpatched critical vulnerability (CVE-2021-40539) in an authentication module. This vulnerability allowed them to place web shells, compromise administrator credentials, perform lateral movement within the network, and exfiltrate registry hives and Active Directory files. They were also able to deploy offensive security tools, which helped them masquerade as legitimate users or administrators, thereby accessing the encrypted data.
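The chain above (web shell dropped after the authentication module was exploited, administrator credentials compromised, lateral movement, registry hives and Active Directory files taken) is the kind of behaviour an EDR layer can surface even when the malware files themselves evade signature-based anti-malware. The following is an added illustration, not code from the page or from the ICRC: a small Python detection pass over a constructed, simplified endpoint log format (the `<ts> <host> <event> key=value` layout, the host names, the process allowlist and the three-host threshold are all assumptions). It generalizes the page's single incident into three reusable behavioural rules.

```python
"""Toy EDR-style detection pass over constructed endpoint and logon log lines.

The rules key on behaviour (who wrote what where, which process touched the
credential stores, one account fanning out across many hosts) rather than on
file hashes, which a crafted sample can change at will.
"""
import re
from collections import defaultdict

# Constructed sample log lines (not from the ICRC incident). Assumed format:
#   <timestamp> <host> <event> key=value key="value with spaces" ...
SAMPLE_LOGS = """\
2022-01-10T08:00:01Z web01 FILE_CREATE path=C:\\inetpub\\wwwroot\\app\\help.aspx proc=w3wp.exe user=IIS
2022-01-10T08:00:05Z web01 PROC_START proc=cmd.exe parent=w3wp.exe user=IIS cmdline="cmd.exe /c dir"
2022-01-10T08:01:00Z web01 FILE_CREATE path=C:\\inetpub\\wwwroot\\app\\style.css proc=deploy.exe user=build
2022-01-10T08:10:00Z dc01 FILE_READ path=C:\\Windows\\NTDS\\ntds.dit proc=backup.exe user=svc_backup
2022-01-10T08:11:00Z dc01 FILE_READ path=C:\\Windows\\NTDS\\ntds.dit proc=rundll32.exe user=admin_j
2022-01-10T08:12:00Z fs01 LOGON type=3 user=admin_j src=web01
2022-01-10T08:12:30Z fs02 LOGON type=3 user=admin_j src=web01
2022-01-10T08:13:00Z dc01 LOGON type=3 user=admin_j src=web01
2022-01-10T08:13:30Z hr01 LOGON type=3 user=admin_j src=web01
2022-01-10T08:14:00Z fs01 LOGON type=3 user=bob src=ws07
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Assumed environment baseline: web root, web server processes, vetted
# processes that may legitimately read credential stores, fan-out threshold.
WEB_ROOT = "c:\\inetpub\\wwwroot\\"
SCRIPT_EXT = (".aspx", ".asp", ".ashx", ".jsp", ".php")
WEB_SERVER_PROCS = {"w3wp.exe", "httpd.exe", "tomcat.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}
CRED_STORE_MARKERS = ("ntds.dit", "\\config\\sam", "\\config\\system")
CRED_STORE_ALLOWLIST = {"lsass.exe", "backup.exe"}
LATERAL_MIN_HOSTS = 3


def parse_line(line):
    """Split one log line into a dict; quoted values keep their spaces."""
    parts = line.split(maxsplit=3)
    ts, host, event = parts[:3]
    rest = parts[3] if len(parts) > 3 else ""
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
    return {"ts": ts, "host": host, "event": event, **fields}


def parse_logs(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def detect_web_shell(ev):
    """A web server process writing a script into its own document root, or
    spawning a command shell, is the classic web shell footprint."""
    path = ev.get("path", "").lower()
    proc = ev.get("proc", "").lower()
    if (ev["event"] == "FILE_CREATE" and path.startswith(WEB_ROOT)
            and path.endswith(SCRIPT_EXT) and proc in WEB_SERVER_PROCS):
        return f"web server process {ev['proc']} wrote script {ev['path']}"
    if (ev["event"] == "PROC_START" and ev.get("parent", "").lower() in WEB_SERVER_PROCS
            and proc in SHELLS):
        return f"{ev['parent']} spawned {ev['proc']}: {ev.get('cmdline', '')}"
    return None


def detect_cred_store_access(ev):
    """Reads of the AD database or registry hive files by anything outside the
    vetted allowlist point at credential material being collected."""
    path = ev.get("path", "").lower()
    if (ev["event"] == "FILE_READ" and any(m in path for m in CRED_STORE_MARKERS)
            and ev.get("proc", "").lower() not in CRED_STORE_ALLOWLIST):
        return f"{ev['proc']} read credential store {ev['path']} as {ev.get('user')}"
    return None


def detect_lateral_movement(events):
    """One account performing network logons (type 3) to many distinct hosts
    from a single source within the batch."""
    targets = defaultdict(set)
    for ev in events:
        if ev["event"] == "LOGON" and ev.get("type") == "3":
            targets[(ev.get("user"), ev.get("src"))].add(ev["host"])
    return [(user, src, sorted(hosts))
            for (user, src), hosts in targets.items() if len(hosts) >= LATERAL_MIN_HOSTS]


def run_detections(text):
    """Return (rule, host, detail) alerts in log order, lateral movement last."""
    events = parse_logs(text)
    alerts = []
    for ev in events:
        for rule, fn in (("web_shell", detect_web_shell),
                         ("cred_store_access", detect_cred_store_access)):
            msg = fn(ev)
            if msg:
                alerts.append((rule, ev["host"], msg))
    for user, src, hosts in detect_lateral_movement(events):
        alerts.append(("lateral_movement", src,
                       f"{user} reached {len(hosts)} hosts from {src}: {', '.join(hosts)}"))
    return alerts


if __name__ == "__main__":
    for rule, host, detail in run_detections(SAMPLE_LOGS):
        print(f"[{rule}] {host}: {detail}")
```

On the constructed sample this raises four alerts: two web shell indicators on `web01`, one credential-store read on `dc01` by a process outside the allowlist (the backup agent's read of the same file is ignored), and one fan-out of `admin_j` from `web01` to four hosts. The allowlist and threshold are the parts a real deployment has to tune against its own baseline; without them the rules are too noisy to act on.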

These additional details highlight the complex and multi-faceted nature of the cyber attack, underscoring the importance of regularly patching vulnerabilities, implementing advanced detection and response measures, and continuously enhancing cybersecurity practices to defend against such targeted and sophisticated threats.

Disclosure: 24 June 2022

Impact: Servers hosting personal data belonging to more than 515,000 people worldwide were hacked; the stolen data might be sold or misused in further cyber attacks.

Disclaimer: The information provided herein is on an “as is” basis, without warranty of any kind.