The email address of the cybercriminal who sold the data stolen from the International Committee of the Red Cross (ICRC) was also allegedly used to create sites linked to cyber influence from Iran.

On 19 January 2022, the International Committee of the Red Cross (ICRC) revealed a cyberattack that led to the theft of personal data of more than 500,000 people receiving Red Cross or Red Crescent assistance. The hack also involved data from the Restoring Family Links programme, which aims to reconnect people separated by war, violence, or migration.

On the same day, cybersecurity researchers discovered that a hacker called Sheriff was offering the data for sale on a dark web forum, implying that a ransom note had been sent to the ICRC and that it had refused to pay.

The email used by this Sheriff also appears in an FBI warrant from early 2021 concerning a large-scale cyber influence operation originating in Iran. The email was used to create at least three domain names for fake news sites, aimed at "promoting political narratives consistent with Iranian interests," including "anti-Saudi, anti-Israeli, and pro-Palestinian themes," according to FireEye researchers who worked with the FBI.

The ICRC said it had never been in contact with the perpetrators of the cyberattack, had never received a ransom note and had no evidence of the stolen data being offered for sale.

https://krebsonsecurity.com/2022/02/red-cross-hack-linked-to-iranian-influence-operation/
