The Worldwide Financial Fund (IMF) disclosed a cyber incident on Friday after unknown attackers breached 11 IMF e mail accounts earlier this yr.
This worldwide monetary establishment, funded by 190 member nations, can also be a serious United Nations monetary company headquartered in Washington, D.C.
In keeping with a press launch revealed at the moment, the IMF detected the incident in February and is now conducting an investigation to evaluate the assault’s affect.
To this point, the IMF has discovered no proof that the attackers gained entry to different techniques or sources outdoors of the breached e mail accounts.
“The Worldwide Financial Fund (IMF) not too long ago skilled a cyber incident, which was detected on February 16, 2024. A subsequent investigation, with the help of impartial cybersecurity specialists, decided the character of the breach, and remediation actions had been taken,” the IMF stated.
“The investigation decided that eleven (11) IMF e mail accounts had been compromised. The impacted e mail accounts had been re-secured. We’ve no indication of additional compromise past these e mail accounts at this time limit. The investigation into this incident is continuous.”
Whereas the IMF did not present different particulars concerning the breach, the group confirmed that it makes use of the Microsoft 365 cloud-based e mail platform.
“We will disclose that 11 IMF e mail accounts had been compromised. They’ve since been re-secured. For safety causes, we can not disclose additional particulars,” an IMF spokesperson advised BleepingComputer.
“Sure, we will verify, IMF does use Microsoft 365 e mail. Based mostly on our investigative findings to this point, this incident doesn’t look like a part of Microsoft concentrating on.”
Redmond revealed in January that the Midnight Blizzard Russian hacking group tied to the Russian International Intelligence Service (SVR) stole Microsoft company emails in a month-long breach after compromising Alternate On-line accounts in a password spray assault to entry a legacy non-production take a look at tenant surroundings.
Days later, Hewlett Packard Enterprise (HPE) additionally disclosed that the Russian hackers had gained unauthorized entry to a few of its Microsoft Workplace 365 e mail accounts and exfiltrated information since Could 2023.
It’s unclear whether or not these incidents are related to the safety breach that led to the breach of IMF’s e mail accounts.
The IMF was additionally hacked in 2011 in an incident described as a “a really main breach” by an official, which compelled the World Financial institution to sever connections between the 2 organizations’ networks as a precaution.
Replace March 15, 16:11 EDT: Added IMF assertion.