The Worldwide Financial Fund (IMF) disclosed a cyber incident on Friday after unknown attackers breached 11 IMF electronic mail accounts earlier this yr.
This worldwide monetary establishment, funded by 190 member international locations, can also be a serious United Nations monetary company headquartered in Washington, D.C.
In response to a press launch printed immediately, the IMF detected the incident in February and is now conducting an investigation to evaluate the assault’s affect.
To date, the IMF has discovered no proof that the attackers gained entry to different programs or assets outdoors of the breached electronic mail accounts.
“The Worldwide Financial Fund (IMF) not too long ago skilled a cyber incident, which was detected on February 16, 2024. A subsequent investigation, with the help of unbiased cybersecurity specialists, decided the character of the breach, and remediation actions had been taken,” the IMF mentioned.
“The investigation decided that eleven (11) IMF electronic mail accounts had been compromised. The impacted electronic mail accounts had been re-secured. We’ve no indication of additional compromise past these electronic mail accounts at this time limit. The investigation into this incident is constant.”
Whereas the IMF did not present different particulars concerning the breach, the group confirmed that it makes use of the Microsoft 365 cloud-based electronic mail platform.
“We will disclose that 11 IMF electronic mail accounts had been compromised. They’ve since been re-secured. For safety causes, we can not disclose additional particulars,” an IMF spokesperson advised BleepingComputer.
“Sure, we will verify, IMF does use Microsoft 365 electronic mail. Based mostly on our investigative findings thus far, this incident doesn’t look like a part of Microsoft concentrating on.”
Redmond revealed in January that the Midnight Blizzard Russian hacking group tied to the Russian International Intelligence Service (SVR) stole Microsoft company emails in a month-long breach after compromising Alternate On-line accounts in a password spray assault to entry a legacy non-production take a look at tenant setting.
Days later, Hewlett Packard Enterprise (HPE) additionally disclosed that the Russian hackers had gained unauthorized entry to a few of its Microsoft Workplace 365 electronic mail accounts and exfiltrated information since Could 2023.
It’s unclear whether or not these incidents are related to the safety breach that led to the breach of IMF’s electronic mail accounts.
The IMF was additionally hacked in 2011 in an incident described as a “a really main breach” by an official, which compelled the World Financial institution to sever connections between the 2 organizations’ networks as a precaution.
Replace March 15, 16:11 EDT: Added IMF assertion.