Email accounts of the International Monetary Fund compromised

Threat actors compromised at least 11 International Monetary Fund (IMF) email accounts earlier this year, the organization revealed.

The International Monetary Fund (IMF) disclosed a security breach, threat actors compromsed 11 email accounts earlier this year. The agency discovered the incident on February 16, 2024, and immediately launched an investigation with the help of cybersecurity experts.

The International Monetary Fund (IMF) is a major financial agency of the United Nations, and an international financial institution funded by 190 member countries. Its stated mission is “working to foster global monetary cooperation, secure financial stability, facilitate international trade, promote high employment and sustainable economic growth, and reduce poverty around the world.”

“The investigation determined that eleven (11) IMF email accounts were compromised. The impacted email accounts were re-secured. We have no indication of further compromise beyond these email accounts at this point in time. The investigation into this incident is continuing.” reads a statement published by the organization.

“The IMF takes prevention of, and defense against, cyber incidents very seriously and, like all organizations, operates under the assumption that cyber incidents will unfortunately occur. The IMF has a robust cybersecurity program in place to respond quickly and effectively to such incidents.”

The agency has already secured the compromised email accounts and added that it is not aware of further compromise beyond them.

Bleeping computer contacted IMF, which confirmed that that despite it uses the Microsoft 365, the incident does not appear to be part of Microsoft targeting recently disclosed.

This isn’t the first incident suffered by IMF, the agency suffered a major security breach in 2011.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, International Monetary Fund)