The International Monetary Fund disclosed a cyber incident on Friday after unknown attackers breached 11 IMF email accounts earlier this year.
This international financial institution, funded by 190 member countries, is also a major United Nations financial agency headquartered in Washington, D.C. According to a press release published today, the IMF detected the incident in February and is now conducting an investigation to assess the attack's impact.
The IMF has found no evidence that the attackers gained access to other systems or resources outside of the breached email accounts.
While the IMF didn't provide other details regarding the breach, the organization uses Microsoft's cloud-based Office 365 email platform.
Redmond revealed in January that the Midnight Blizzard Russian hacking group tied to the Russian Foreign Intelligence Service stole Microsoft corporate emails in a month-long breach after compromising Exchange Online accounts in a password spray attack to access a legacy non-production test tenant environment.
Days later, Hewlett Packard Enterprise also disclosed that the Russian hackers had gained unauthorized access to some of its Microsoft Office 365 email accounts and exfiltrated data since May 2023.
It is unclear whether these incidents are connected to the security breach that led to the breach of IMF's email accounts.
In September 2023, the Chinese Storm-0558 hacking group also stole 60,000 emails from U.S. State Department accounts after breaching Microsoft's Exchange email servers.
An IMF spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.
Canada's anti-money laundering agency offline after cyberattack.
RCMP investigating cyber attack as its website remains down.
Lurie Children's Hospital took systems offline after cyberattack.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 15 Mar 2024 19:50:13 +0000