On September 19, the International Criminal Court (ICC) advised that it had detected anomalous activity affecting its networks. Once discovered, the ICC took immediate steps to respond to and mitigate the activity. Since the ICC is based in The Hague, Dutch authorities have been assisting with the investigation of the incident. So far, neither the ICC nor Dutch authorities have offered more details on the nature of the attack or the actors behind it.
Source: Bleeping Computer
Analysis
The ICC was created to investigate and prosecute individuals responsible for grave offenses and war crimes. In March 2023, the ICC issued arrest warrants for Vladimir Putin and Maria Lvova-Belova for their role in the unlawful transfer of children from occupied areas of Ukraine to Russia. The ICC is also investigating Russia’s invasion of Ukraine and allegations of war crimes, such as the Bucha massacre in 2022.
Obviously, any details from these investigations would be of significant interest to Russian Intelligence Services (RIS). The RIS have a track record of targeting international organizations conducting Russia-related investigations. For example, in 2018, Dutch authorities disrupted four Russian Military Intelligence Directorate (GRU) officers conducting a close-access cyber operation against the Organization for the Prohibition of Chemical Weapons (OPCW) located in The Hague. At the time, the OPCW was investigating alleged instances of Russia using chemical weapons in Syria and the poisoning of two UK citizens with nerve gas. The four GRU operatives were caught red-handed with hacking devices and high-powered antennas in a rental car in the parking lot of the OPCW. They were immediately relieved of these devices and sent back to Russia.
Mitigation
Field Effect recommends that governments and organizations in Ukraine, those in support of Ukraine, and those working contrary to Russian interests adopt a heightened cybersecurity posture given the threat posed by Russian state-sponsored cyber actors. We encourage all organizations to review the U.S. Cybersecurity & Infrastructure Security Agency (CISA) Shields Up program, which provides robust guidance for preparing, responding to, and mitigating the impacts of Russian state-sponsored cyberattacks.
Field Effect’s elite team of Security Intelligence professionals constantly monitors the cyber threat landscape for novel TTPs and IoCs associated with nation-state-sponsored groups. This research contributes to the timely deployment of signatures into Covalence to detect and mitigate threat activity.