Nothing is known about the cyber attack on the ICRC, but Devex learned from Massimo Marelli, the organization’s chief data protection officer, that according to preliminary data, the attack is considered as “similar to the state.”
According to Marelli, “The people who do forensics told him that it was a very complex and targeted operation.” “It’s complex enough to be comparable to [state-owned] or state-like.”
At the same time, the representative of the ICRC speaks cautiously and urges not to draw premature conclusions, as he fears that the organization may be drawn into political games.
The Central Tracing Agency, the ICRC unit that was the victim of the attack, is under the protection of the Geneva Conventions, according to Marelli, so “it should be clear to everyone that what happened is unacceptable.”
The hack, which occurred last year on Nov. 9 and was discovered on Jan. 18, deliberately targeted ICRC servers that held information on more than 500,000 people using family reunification services, according to the organization.
The identity of the hackers is unknown, according to Marelli, who said that numerous questions remain over the cyberattack — described as one of the largest ever on a humanitarian organization — including its motive and what happened to the data accessed