Red Cross: State hackers breached our network using Zoho bug
The International Committee of the Red Cross said today that the hack against its servers disclosed last month was a targeted attack, likely coordinated by a state-backed hacking group.
To breach the Red Cross servers, the threat actors used tactics, custom hacking tools "designed for offensive security", and obfuscation techniques to evade detection, all usually linked to advanced persistent threat groups.
The Red Cross also noted the targeted nature of the attack, made evident by the attackers' use of "code designed purely for execution on the targeted ICRC servers" and of the targeted servers' MAC address.
The Red Cross discovered during the investigation that the intruders were able to maintain access to its servers for 70 days after the initial breach that took place on November 9, 2021.
The Red Cross did not attribute the attack to a specific threat actor and urged the hackers not to share, leak, or sell the extremely sensitive data accessed during the incident.
Palo Alto Networks researchers linked a hacking campaign exploiting this Zoho bug to the Chinese-sponsored group known as APT27, which Germany's domestic intelligence service, the BfV, later observed targeting German commercial organizations since March 2021 using the same bug.