"Red Cross Attributes Server Breach to Nation-State Actor"

The International Committee of the Red Cross (ICRC) has concluded that a nation-state hacker was behind a cyberattack on its servers discovered last month. However, the forensic report does not attribute the attack to any specific advanced persistent threat (APT) group, and the ICRC declined to speculate on the culprit. The investigation into the breach found that the attack compromised the personal data of more than half a million individuals helped by the ICRC's program that reunites families separated by conflict, disaster, or migration. The personal data included names, locations, and contact information of individuals served by the group, as well as login information for staff and volunteers. The breach was discovered on January 18 and occurred on November 9, 2021. The ICRC stated that the hackers got into the system by exploiting an unpatched vulnerability in Zoho ManageEngine ADSelfService Plus, a password reset management system, which allowed them to place web shells that provided further access to move within the systems and exfiltrate data. Microsoft warned in November that China-based hackers were using the vulnerability to target victims in the U.S. defense industrial base, higher education, consulting services, and information technology sectors. The ICRC analysis presumes that the hackers were able to copy or export data, but none of that information has shown up on the dark web yet. The attack on the human rights organization drew a rebuke from the U.S. State Department, which called on other nations to condemn cyberattacks on humanitarian data.

 

CyberScoop reports: "Red Cross Attributes Server Breach to Nation-State Actor"

 

 

Submitted by Anonymous on