Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

The attack on the International Criminal Court was targeted and sophisticated

The International Criminal Court revealed the recent attack was carried out by a threat actor for espionage purposes. The International Criminal Court shared additional information about the cyberattack that hit the organizations in September. In September, the International Criminal Court (ICC) announced that threat actors have breached its systems last week. The experts at the […]

International Criminal Court

The International Criminal Court revealed the recent attack was carried out by a threat actor for espionage purposes.

The International Criminal Court shared additional information about the cyberattack that hit the organizations in September.

In September, the International Criminal Court (ICC) announced that threat actors have breached its systems last week. The experts at the International Criminal Court discovered the intrusion after having detected anomalous activity affecting its information systems.

The International Criminal Court (ICC) is an intergovernmental organization and a permanent international tribunal established to prosecute individuals for the most serious international crimes, including genocide, crimes against humanity, war crimes, and the crime of aggression. It was established by the Rome Statute, which entered into force on July 1, 2002. The ICC is headquartered in The Hague, Netherlands.

The organization immediately activated the incident response plan to mitigate the incident. Now the ICC provided additional information about the attack and revealed it was carried out by a threat actor for espionage purposes. The attack was targeted and sophisticated, according to an update provided by the ICC that resumes the result of a forensic analysis of the incident, its causes and its impact, and initial mitigating measures. 

“The evidence available thus far indicates a targeted and sophisticated attack with the objective of espionage. The attack can therefore be interpreted as a serious attempt to undermine the Court’s mandate.” reads the press release published by ICC. “Based on the forensic analysis carried out, the Court has already taken and will continue to take all necessary steps to address any compromise to data belonging to individuals, organisations and States. Should evidence be found that specific data entrusted to the Court has been compromised, those affected would be contacted immediately and directly by the Court. For the Court, the safety of its data and maintaining trust with all of its stakeholders are paramount.” 

The Court states that information currently available doesn’t allow to attribute the attack to a specific threat actor. The Dutch law enforcement authorities are still investigating the security breach.

The ICC announced it has already taken necessary steps to address any compromise to data belonging to individuals, it also implemented additional security measures to improve its cybersecurity.

“The Court is also accelerating a number of existing initiatives aimed at enhancing digital security.” concludes the press release. “This latest attack comes at the time of broader and heightened security concerns for the Court: several elected officials, including Judges of the Court and the Prosecutor, have had criminal proceedings initiated against them; the Court has recently undergone daily and persistent attempts to attack and disrupt its systems; and the Court averted an almost successful attempt to infiltrate a hostile intelligence officer into the Court under the guise of an intern.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ICC)