Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

IMF investigates data breach affecting email accounts

The International Monetary Fund (IMF) has disclosed a cyber incident it discovered last month, in which a number of its email accounts were breached.

user icon Daniel Croft
Mon, 18 Mar 2024
IMF investigates data breach affecting email accounts
expand image

The organisation, which is a major UN financial agency funded by 190 member nations, announced that it had determined through an investigation that 11 IMF email accounts were accessed by the threat actors in the incident. However, it said that there was no sign that any other systems were breached.

“The impacted email accounts were re-secured,” said the IMF in a statement.

“We have no indication of further compromise beyond these email accounts at this point in time. The investigation into this incident is continuing.”

============
============

Outside of the few details provided in the press release, the IMF has kept details of the breach close to its chest, failing to reveal who is behind the incident or what data may have been exfiltrated.

It did, however, add that incidents like this are taken with the utmost seriousness and that it expects that further incidents are inevitable in the current cyber climate.

“The IMF takes prevention of, and defense against, cyber incidents very seriously and, like all organisations, operates under the assumption that cyber incidents will unfortunately occur,” it said.

“The IMF has a robust cyber security program in place to respond quickly and effectively to such incidents.”

It is worth noting that the IMF confirmed with BleepingComputer that it uses the Microsoft 365 email service, the same service that suffered a cyber attack at the hands of the Midnight Blizzard hacking group with connections to the Russian Foreign Intelligence Service (SVR).

While there is no evidence to suggest that the IMF has been caught up in the Microsoft incident, other organisations have been, including Hewlett Packard Enterprise.

Midnight Blizzard is an infamous hacking group, which, while not as notable in the last year or so, was responsible for the notorious SolarWinds supply chain attack of 2020 that affected a number of major companies, including Microsoft, Intel, FireEye, Deloitte, and Cisco, as well as US government departments such as Homeland Security, Treasury, and Commerce.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.