Cyber-attack on ICRC: What we know
From the International Committee of the Red Cross, an update posted today begins:
Update: 16 February 2022, 9 AM CET. Nearly a month has passed since we determined that servers hosting personal data belonging to more than 515,000 people worldwide were hacked in a sophisticated cyber-attack. We are now in a position to share some findings of our analysis of this data breach.[…]
How did the hackers get into our systems?
The hackers were able to enter our network and access our systems by exploiting an unpatched critical vulnerability*** in an authentication module (CVE-2021-40539). This vulnerability allows malicious cyber actors to place web shells and conduct post-exploitation activities such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files. Once inside our network, the hackers were able to deploy offensive security tools which allowed them to disguise themselves as legitimate users or administrators. This in turn allowed them to access the data, despite this data being encrypted.
Read more at ICRC.