Monday, June 13, 2011

APT: International Monetary Fund Reportedly Hacked

Via H-Online -

Although no statement has been released on the web site of the International Monetary Fund (IMF), it has been reported by the New York Times and Bloomberg that the IMF has been the victim of a "large and serious" cyber attack. The full extent of the attack has not been revealed, but it has been said that the attackers were able to plant software on a computer within the IMF which enabled them to have some level of external access to its network. The software may well have been planted as a result of a targeted spear phishing attack; the IMF’s chief information officer, Jonathan Palmer, sent out an email warning employees of “increased phishing activity”. The World Bank took the problem seriously and, as a precaution, severed the network connection that allows the two organisations to share data.

According to the Bloomberg report, the attack appears to have been mounted by a foreign government, although no specific country was named. The same report quoted an unnamed source as stating that the IMF lost a "large quantity" of data which included emails and other documents. Some of the information held by the IMF is highly sensitive, much of it dealing with countries suffering financial difficulties and the negotiations in which they are involved. Very large sums of money are involved in these negotiations, around £56 billion last year in emergency loans.


What Defines an APT?
McAfee Labs summarized it well in their 2011 Threat Predictions whitepaper (PDF). The generally accepted definition of an APT is one that describes a targeted cyber espionage or cyber sabotage attack that is carried out under the sponsorship or direction of a nation-state for something other than a pure financial/criminal reason or political protest. Not all APT attacks are highly advanced and sophisticated, just as not every highly complex and well-executed targeted attack is an APT. The motive of the adversary, not the level of sophistication or impact, is the primary differentiator of an APT attack from a cybercriminal or hacktivist one.

Suspected APT Attacks Against Other Financial Institutions
Other financial institutions such as the French Ministry of Finances and Canadian Finance Department and Treasury Board have also been the victim of hacks this year.

French Ministry of Finances
In December 2010, The French Ministry of Finance detected an attack, which appeared to target documents related to the G20 summit and the French G20 presidency. According to McAfee, over 150 computers in the ministry were infiltrated through targeted spear phishing emails containing a malicious attachments.

Canadian Finance Department and Treasury Board
A federal cabinet minister reported that, hackers, perhaps from China, compromised computers in two Canadian government departments in early January 2011. According to the CBC and other Canadian news organizations, a technique that is sometimes known as “executive spear phishing” was utilized. At the same time, other employees in the departments received e-mails that falsely appeared to come from the senior officials that included malicious Adobe PDF attachments. Reports indicate the attackers were targeting financial records.

No comments:

Post a Comment