Representational image
New Delhi: The International Committee of the Red Cross (ICRC) is pointing its finger at the state-sponsored hackers behind the recent cyber-attack on it
The attack led to compromising the data of more than 515,000 "highly vulnerable" people, says a report.
The initial intrusion according to ICRC dates back to November 9, 2021, two months before the attack was disclosed on January 18.
The breach included personal data such as names, locations, and contact information of people from across the world.
"The attackers used a very specific set of advanced hacking tools designed for offensive security. These tools are primarily used by advanced persistent threat (APT) groups, are not available publicly and are therefore out of reach to other actors," Red Cross said late on Wednesday.
They carried out the attack using sophisticated obfuscation techniques to hide and protect their moves.
"This requires a high level of skills only available to a limited number of actors," the Red Cross added.
Using an "unpatched crucial vulnerability", they entered its network and thus accessed systems
"Once inside our network, the hackers were able to deploy offensive security tools which allowed them to disguise themselves as legitimate users or administrators. This, in turn, allowed them to access the data, despite this data being encrypted," according to the Red Cross.
The people affected include missing people and their families, detainees and other people receiving services from the Red Cross and Red Crescent Movement as a result of armed conflict, natural disasters or migration, IANS reports.
"We do not believe it is in the best interest of the people whose data is involved, to share further details about who they are, where they are or where they came from," said the Red Cross.
Red Cross said it has partnered with key technology partners and highly specialised firms to help it navigate through the crisis.