Red Cross hit by cyberattack from state-sponsored hackers
Date:
Thu, 17 Feb 2022 16:53:15 +0000
Description:
Malware used in the attack appears to have been tailor-made for the Red Cross.
FULL STORY ======================================================================
The recent cyberattack against the International Committee of the Red Cross (ICRC) was not a supply chain attack, as initially thought. Instead, it came as a result of an abused unpatched high severity vulnerability.
The news was confirmed by the ICRC, which said in an updated blog post that the attackers were, most likey, state-sponsored, but did not point any
fingers at any particular Advanced Persistent Threats (APT).
However TechCrunch found researchers from Palo Alto Networks discovered the Chinese abusing the same vulnerability elsewhere. Stealing data
The researchers found that whoever was behind the attack did not target an ICRC contractor, but instead exploited an unpatched critical vulnerability in an authentication module, a flaw tracked as CVE-2021-40539.
The flaw allowed the attackers to place web shells, and conduct post-exploitations acts such as compromising admin credentials, moving laterally across the network, and exfiltrating data from endpoints .
Once inside our network, the hackers were able to deploy offensive security tools which allowed them to disguise themselves as legitimate users or administrators. This, in turn, allowed them to access the data, despite this data being encrypted, the ICRCs blog post reads.
The ICRC also said that the attack was not accidental, or that the attackers chose them simply because of the unpatched vulnerability. Instead, the ICRC was specifically targeted because the attackers created code designed solely for execution on the concerned ICRC servers.
The malware created for this attack was tailor-made for ICRCs infrastructure and its antivirus software . Read more
Red Cross cyberattack sees data of thousands at-risk people stolen
Red Cross leads call to halt healthcare cyberattacks
Some of the world's biggest companies have major website security issues
The ICRC was also able to pinpoint, more precisely, exactly when the attack took place. Initially, the organization believed the attack occurred in January, but it now believes late November is a more accurate estimate.
In total, the data on more than 515,000 highly vulnerable people was taken.
So far, the report reads, there have been no signs of the data being shared, or sold, anywhere, and the ICRC has not received any ransom demand.
It is our hope that this attack on vulnerable peoples data serves as a catalyst for change, Robert Mardini, the director-general of the ICRC, said
in a statement. We will now strengthen our engagement with states and non-state actors to explicitly demand that the protection of the Red Cross
and Red Crescent Movements humanitarian mission extends to our data assets
and infrastructure.
We believe it is critical to have a firm consensus in words and actions
that humanitarian data must never be attacked. Here's our rundown of the best firewalls right now
Via: TechCrunch
======================================================================
Link to news story:
https://www.techradar.com/news/red-cross-hit-by-cyberattack-from-state-sponsor ed-hackers/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)