Hacking the Red Cross could be carried out by government hackers

Last month, a Red Cross contractor was hacked, leaking the personal information of 515,000 people. According to the organization, government hackers who exploited a vulnerability in Zoho products may have been behind the attack.

When the attack became known, representatives of the Red Cross asked the hackers “not to share, sell, disclose or use this data in any other way.”

Now the International Committee of the Red Cross (ICRC) has submitted a more detailed report on the incident. It turned out that the attack took place back in November 2021, and the attackers were present on the organization’s network for several months (until it was discovered on January 18, 2022).

The Red Cross said the hackers used an exploit for the CVE-2021-40539 vulnerability to penetrate the network. This bug affects Zoho ManageEngine ADSelfService Plus, a password management and SSO solution from the Indian company Zoho. The vulnerability allows attackers to bypass authentication, host web shells on the target’s servers, and then traverse the network and compromise administrator credentials.

While it was initially unclear who was behind the attack, the Red Cross now says that the “advanced hacking tools” used for the hack are typically used by APT groups and are not available to ordinary hackers. This abbreviation stands for “advanced persistent threat” and is usually used to refer to hacker groups sponsored by the authorities and following their orders.

Let me remind you that we also wrote that 38 Million User Records Leaked Due to Misconfiguration of Microsoft Power Apps.