The International Monetary Fund (IMF) recently detected a cybersecurity incident that involved nearly a dozen email accounts getting hacked.
In a statement issued last week, the United Nations financial institution said it detected the security breach on February 16, 2024.
An investigation conducted with external cybersecurity experts revealed that 11 IMF email accounts had been compromised. The hacked accounts were ‘re-secured’ and there is no indication at this point in the ongoing probe that the attacker gained access beyond these email accounts.
“The IMF takes prevention of, and defense against, cyber incidents very seriously and, like all organizations, operates under the assumption that cyber incidents will unfortunately occur,” the financial agency said. “The IMF has a robust cybersecurity program in place to respond quickly and effectively to such incidents.”
It’s unclear what the attackers’ goal was and what type of data they may have obtained from the IMF email accounts.
Compromising the email accounts of a major financial organization such as the IMF could be useful to state-sponsored cyberspies, as well as profit-driven cybercriminals who could attempt to use the accounts for advanced social engineering.
The IMF told Reuters that the list of hacked accounts did not include the ones of Managing Director Kristalina Georgieva or other top officials. The agency said top leadership was “not targeted”.
This appears to be the first cybersecurity incident disclosed by the IMF since 2011, when the agency was targeted in a cyberattack that reportedly resulted in the loss of a large quantity of data, including documents and emails.
Related: Ransomware Group Takes Credit for LoanDepot, Prudential Financial Attacks
Related: Fidelity National Financial Takes Down Systems Following Cyberattack
