The fund, which oversees financial crises worldwide and maintains sensitive financial information about member countries, disclosed the incident to employees and its board of directors on Wednesday, according to a report in the New York Times, which first reported the news. The attack, which occurred over the last several months, led to a “very major breach,” according to the paper, citing an official familiar with the incident.
The IMF did not immediately respond when contacted by SCMagazineUS.com on Monday. The organization has not publicly disclosed the attack.
Many details about the incident, including to what information the attackers gained access, remain unknown. Based on the limited information that is currently available, the attack, which may have been state-sponsored, appears to have begun with a so-called spear phishing email that introduced malware onto an IMF desktop. Attackers then used this entryway to access fund systems.
In its internal memo to employees, the IMF reportedly said it had detected “suspicious file transfers.”
In light of the attack, the IMF also reportedly told staff it would be replacing their RSA SecurID tokens, which are used for authentication. The fund said it does not believe, however, that the attack was linked to the recent cyberattack against RSA that garnered intruders sensitive information about SecurID products. The stolen SecurID data was leveraged in an attack against defense contractor Lockheed Martin.
According to reports, unease over the IMF breach has caused the World Bank, which provides financial assistance to developing countries around the world, to disconnect a computer link that allows the two organizations to share information.
“It seems a single day can't pass without a well-known institution making the headlines for being the victim of a hacking attack or loss of sensitive data,” Graham Cluley, senior technology consultant at anti-virus firm Sophos, wrote in a blog post Sunday. “All organizations need to take the seemingly growing tide of internet attacks as a warning sign, and ensure that they have strong defenses in place and that every member of staff has been trained in best practices to reduce the risk.”
Meanwhile, the fund has made headlines in recent weeks following the arrest and resignation of its former chief, Dominique Strauss-Kahn, whose alleged sexual assault offense has been leveraged by cybercriminals to distribute Mac OS X malware, Cluley said.