IMF discloses cyberattack compromising 11 email accounts

The IMF immediately secured the affected accounts and found no evidence of further compromise.

Logo, Emblem, Symbol

In February, the International Monetary Fund (IMF) disclosed a cyberattack resulting in the compromise of 11 email accounts, as announced by the organisation.

According to the IMF, the cyber incident was first identified on 16 February, prompting an immediate response. To understand the nature of the breach, the IMF conducted a thorough investigation alongside independent cybersecurity experts. Remedial measures were promptly implemented, and the investigation concluded that eleven IMF email accounts had been compromised. The affected email accounts have since been reinforced to prevent further unauthorised access.

Currently, there’s no evidence suggesting any additional compromise beyond these accounts. However, the organisation reassured ongoing efforts to delve deeper into the incident.

Reuters noted that none of the accessed email accounts belonged to senior leadership within the IMF.

Inquiries regarding the perpetrators and the extent of data accessed were met with a response emphasising security constraints: ‘For security reasons, we cannot provide further details or confirm attribution,’ a spokesperson conveyed to Recorded Future News.

Why does it matter?

The IMF has encountered cybersecurity challenges before. In 2011, the organisation faced a breach allegedly perpetrated by a nation state actor. The breach, discovered after months of undercover file exploration, prompted the IMF to sever digital connections with the World Bank to contain the fallout.

Unusual file transfers from a single IMF computer initially raised suspicions, and the reports suggested that emails and sensitive documents were among the stolen data.