The International Monetary Fund (IMF) disclosed a cyber incident on Friday after unknown attackers breached 11 IMF email accounts earlier this year.
This international financial institution, funded by 190 member countries, is also a major United Nations financial agency headquartered in Washington, D.C.
According to a press release published today, the IMF detected the incident in February and is now conducting an investigation to assess the attack’s impact.
So far, the IMF has found no evidence that the attackers gained access to other systems or resources outside of the breached email accounts.
“The International Monetary Fund (IMF) recently experienced a cyber incident, which was detected on February 16, 2024. A subsequent investigation, with the assistance of independent cybersecurity experts, determined the nature of the breach, and remediation actions were taken,” the IMF said.
“The investigation determined that eleven (11) IMF email accounts were compromised. The impacted email accounts were re-secured. We have no indication of further compromise beyond these email accounts at this point in time. The investigation into this incident is continuing.”
While the IMF didn’t provide other details regarding the breach, the organization confirmed that it uses the Microsoft 365 cloud-based email platform.
“We can disclose that 11 IMF email accounts were compromised. They have since been re-secured. For security reasons, we cannot disclose further details,” an IMF spokesperson told BleepingComputer.
“Yes, we can confirm, IMF does use Microsoft 365 email. Based on our investigative findings to date, this incident does not appear to be part of Microsoft targeting.”
Redmond revealed in January that the Midnight Blizzard Russian hacking group tied to the Russian Foreign Intelligence Service (SVR) stole Microsoft corporate emails in a month-long breach after compromising Exchange Online accounts in a password spray attack to access a legacy non-production test tenant environment.
Days later, Hewlett Packard Enterprise (HPE) also disclosed that the Russian hackers had gained unauthorized access to some of its Microsoft Office 365 email accounts and exfiltrated data since May 2023.
It is unclear whether these incidents are connected to the security breach that led to the breach of IMF’s email accounts.
The IMF was also hacked in 2011 in an incident described as a “a very major breach” by an official, which forced the World Bank to sever connections between the two organizations’ networks as a precaution.
Update March 15, 16:11 EDT: Added IMF statement.
Source: www.bleepingcomputer.com