International Centre for Migration Policy Development, which operates across 90 countries, had its servers breached in an attack claimed by the Karakurt ransomware group
, reports The Record
, a news site by cybersecurity firm Recorded Future.
Aside from touting the theft of financial documents, personal data, and banking details on Telegram, Karakurt explained on its leak site that it had stolen 375GB of data, including contract scans and correspondences, project budgets, invoices, financial and insurance documents, and passports, as well as the mailboxes of the ICMPD's key members.
However, ICMPD Communication Coordinator Bernhard Schragl said that only "limited access" was gained by attackers to its systems.
"Professional preparation, as well as quick and decisive actions, have prevented the attackers from inflicting additional harm. In less than 45 minutes after detection, an emergency response team was established, all external network connections were disconnected and all websites taken down to prevent the attack from spreading further," added Schragl.