Red Cross data breach

On 20 January 2022, the International Committee of the Red Cross made an appeal to hackers who had stolen private data, saying they would speak "directly and confidentially" to those responsible for the attack. [1] [2] [3] The hackers had stolen private data on more than 515,000 vulnerable people from at least 60 Red Cross and Red Crescent societies. [1] [2] [3] So far there is no proof that the data has been leaked, but the ICRC said that their gravest concern was the risk posed by exposing the data. [1] [2] [3]

The attack was aimed at a Swiss contractor that stores the data. [3]

The perpetrators have not been identified.

Impact

The ICRC has suspended access to the compromised computer systems, which are part of the Restoring Family Links programme targeted in the attack. [1] [2] [3] A spokesman said, "We will do our utmost to ensure some business continuity and a resumption of services as soon as possible." [1] [3]

References

  1. "Red Cross appeals to hackers after major cyberattack". TheJournal.ie. 2022-01-20. Retrieved 2022-01-21.
  2. McGowran, Leigh (2022-01-20). "Red Cross cyberattack exposes data of 515,000 'highly vulnerable people'". Silicon Republic. Retrieved 2022-01-21.
  3. Dobberstein, Laura (2022-01-20). "Red Cross forced to shutter family reunion service following cyberattack and data leak". The Register. Retrieved 2022-01-21.