IMF Latest Organization to Be Hit by 'Sophisticated' Cyberattack
The International Monetary Fund is the latest major institution to suffer a major, sophisticated cyberattack designed to steal confidential, valuable information.
An official with knowledge of the incident told the New York Times that the attack the official called it a "very major breach" occurred over the past several months.
The IMF informed its staff and board of directors of the attack in an internal memo on Wednesday (June 8), but has not made a public statement.
The Times' source would not confirm further details, but the newspaper implies that the hackers apparently orchestrated the IMF attack using spear-phishing emails carefully crafted messages addressed to specific employees and made to appear to come from a trusted source.
In similar attacks in recent months upon the British and French treasuries and the European Commission, attachments linked to spear-phishing emails have hidden dangerous payloads which, when opened, tunnel into an organization's network and open "back doors" to the attackers.
Because each message is tailored to the recipient, spear-phishing attacks can be much more effective than traditional phishing scams.
The Times' sources declined to speculate on where the attack originated, but very similar attacks have been linked to the Chinese government.
The Times reports that the incident began before the May 14 arrest of then-IMF head Dominique Strauss-Kahn on sexual assault charges.
David Hawley, an IMF spokesperson, said the organization is still "fully functional."
But the Times reports that the IMF's sister organization, the World Bank, cut off its dedicated network link to the IMF as a security precaution.
The two institutions sit across the street from each other in Washington, D.C., and are about two blocks from the White House.