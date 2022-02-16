

Red Cross says 'state-sponsored' hackers exploited unpatched vulnerability

Carly Page

The recent cyberattack on the International Committee of the Red Cross (ICRC), which compromised the data of more than 515,000 “highly vulnerable” people, was likely the work of state-sponsored hackers.

In an update published on Wednesday, the ICRC confirmed that the initial intrusion dates back to November 9, 2021, two months before the attack was disclosed on January 18, adding that its analysis shows that the intrusion was a "highly-sophisticated" targeted attack on its systems — and not an attack on third-party contractor systems as the ICRC first said.

The ICRC said it knows that the attack was targeted "because the attackers created code designed solely for execution on the concerned ICRC servers." According to the update, the malware used by the attacker was designed to target specific servers within the ICRC's infrastructure.

Hackers gained access to the ICRC’s network by exploiting a known but unpatched critical-rated vulnerability in a single sign-on tool developed by Zoho, which makes web-based office services. The vulnerability, which was given a CVSS severity score of 9.8 out of 10, was the subject of an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in September.

By exploiting this flaw, the unnamed state-sponsored hackers then placed web shells and carried out post-exploitation activities, like compromising administrator credentials, moving throughout the network, and exfiltrating registry and domain files, according to the ICRC.

“Once inside our network, the hackers were able to deploy offensive security tools which allowed them to disguise themselves as legitimate users or administrators. This in turn allowed them to access the data, despite this data being encrypted,” the ICRC said. The Red Cross added that it has no conclusive evidence that the data stolen in the attack has been published or is being traded, nor was a ransom demand made, but said it's contacting those whose sensitive information may have been accessed.

The ICRC says its anti-malware tools on the targeted servers were active at the time of the attack and blocked some of the malicious files used by the attackers, but that most of the files deployed were "specifically crafted to bypass" its anti-malware protections.

These tools, the ICRC notes, are typically used by advanced persistent threat (APT) groups, or state-backed attackers, but the Red Cross said it has not yet formally attributed the attack to any particular organization. A Palo Alto Networks report from November 2021 linked exploitation of the same vulnerability to a Chinese state-sponsored group, known as APT27.

As a result of the cyberattack, the Red Cross said it's had to resort to using spreadsheets to carry out its vital work, which includes reuniting family members separated by conflict or disaster.

"It is our hope that this attack on vulnerable people's data serves as a catalyst for change," Robert Mardini, the director-general of the ICRC, said in a statement. "We will now strengthen our engagement with states and non-state actors to explicitly demand that the protection of the Red Cross and Red Crescent Movement's humanitarian mission extends to our data assets and infrastructure.

"We believe it is critical to have a firm consensus — in words and actions — that humanitarian data must never be attacked."
