News Hub

The United Nations’ International Monetary Fund confirms emails hacked in cyberattack

Written by Mon 18 Mar 2024

On Friday, a major financial agent of the United Nations (UN), the International Monetary Fund (IMF), said it is continuing to investigate a cyberattack detected on 16 February.

A spokesperson for the United Nations’ financial agent said 11 email accounts had been compromised in the cyberattack. The IMF stressed email accounts of top managers, like Director Kristalina Georgieva, were unaffected. Bleeping Computer reported the IMF confirmed it uses the cloud-based email platform, Microsoft 365.

This IMF is backed by 190 member nations, and serves as a significant financial arm of the UN, with its headquarters located in Washington, DC. 

“The impacted email accounts were re-secured. We have no indication of further compromise beyond these email accounts at this point in time. The investigation into this incident is continuing,” said the IMF.

Reuters reported the decision was made to disclose the incident due to the IMF’s commitment to transparency. A source familiar with the matter said the cybersecurity incident also served to remind staff to adhere to stringent cybersecurity practices.

The IMF said it has a ‘robust cybersecurity programme in place to respond quickly and effectively in such incidents’.

“The IMF takes the prevention of, and defence against, cyber incidents very seriously and, like all organisations, operates under the assumption that cyber incidents will unfortunately occur,” added the IMF.

Dan Lattimer, Vice President at Active Directory security and recovery platform, Semperis, suggested the incident resulted from a successful phishing attack, ‘given the IMF reminded its employees to adhere to their cyber hygiene policies’.

“Persistent threat actors will eventually hack any organisation they want, making it critical for organisations to have an assumed breach mindset … why do hackers still use phishing attacks to compromise the companies they are attacking? It is because employees keep clicking on links in their emails that can be malicious,” said Lattimer.

Lattimer added having an assumed breach mindset will help organisations recover faster from compromise.

I encourage organisations to prepare now for the inevitable cyberattacks because peacetime planning enables organisations to assess which systems are most critical to their business and give them a chance to lock them down,” said Lattimer.

Lattimer also recommended companies monitor for unauthorised changes occurring in their Active Directory environment and have real-time visibility to changes to elevated network accounts and groups.

Microsoft Battles Hackers

Last week, Microsoft said Midnight Blizzard, a hacking group linked to Russia’s foreign intelligence, is still attempting to break into its systems using data stolen from corporate emails in January.

On 8 March, Microsoft said it had seen evidence of Midnight Blizzard attempting to gain unauthorised access to its systems. analysts expressed concerns regarding the safety of Microsoft’s services and systems as Microsoft provides digital services and infrastructure to the US Government.

In January,  Microsoft said a Russian state-sponsored group, Midnight Blizzard, was responsible for hacking into corporate systems and stealing documents from staff accounts. 

On 12 January, Microsoft detected a threat from Midnight Blizzard, also known as Nobelium. Midnight Blizzard is an alleged Russia-based threat actor identified by the US and UK governments as the Foreign Intelligence Service of the Russian Federation, also known as the SVR.

The company activated a response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access. 

In the same month, Hewlett Packard Enterprises (HPE) said it suspected that Russian hackers, Midnight Blizzard, infiltrated the company’s Microsoft Office 365 email system to steal data from its cybersecurity team and other departments. 

Join Cloud & Cyber Security Expo Frankfurt

22-23 May 2024, Messe Frankfurt

Cloud & Cyber Security Expo Frankfurt is one of the largest IT security events in Europe.

Don’t miss the chance to build partnerships and discover solutions to protect your business.

Written by Mon 18 Mar 2024

Send us a correction Send us a news tip