International Criminal Court investigating “unprecedented” cyberattack


The International Criminal Court (ICC) has fallen victim to a sophisticated cyberattack, suspected to be an espionage operation.

The ICC said that it was taking measures to counter the “unprecedented” and “serious” cybersecurity breach it experienced more than a month ago.

Mitigating steps were taken based on the forensic analysis of the incident supported by external cybersecurity experts, the court said. A criminal probe was also opened by the Dutch law enforcement authorities.

“The evidence available thus far indicates a targeted and sophisticated attack with the objective of espionage. The attack can therefore be interpreted as a serious attempt to undermine the Court’s mandate,” the ICC said in a statement.

It said that it was not “presently possible” to confirm who is responsible for the attack, first detected five weeks ago.

The ICC is an international tribunal based in the Hague, the Netherlands. It was established in 2002 to prosecute individuals for war crimes, genocide, and crimes against humanity under international law.

In March, the ICC issued an arrest warrant against Russian President Vladimir Putin for alleged war crimes in Ukraine. In response, Russia, which does not recognize the court’s jurisdiction, issued arrest warrants against senior ICC judges.

Efforts to disrupt the court’s systems followed and the ICC has also thwarted an “almost successful” infiltration attempt by a hostile intelligence officer under the guise of an intern.

“The Court has also identified that disinformation campaigns targeting the ICC and its officials may be anticipated to be launched in an effort to tarnish the ICC image and delegitimize its activities,” the ICC said.

While it is not clear how the ICC’s systems were initially breached, it was most likely executed via a phishing attack or by exploiting an unpatched vulnerability, according to William Wright of Closed Door Security, a cybersecurity firm.

“Given the information held by the ICC, this was never just a chance attack. It was more likely planned by a nation-state actor that knew exactly what they wanted and how to get it,” Wright said.

Whether data was exfiltrated or simply viewed, threat actors appeared to have managed to enter and leave the system without leaving a trace, Wright noted.

“This means we may not understand the full extent of this attack until the criminals make it public or use it against the ICC,” he said.

The ICC said it was bolstering its cyber defenses and taking steps to protect victims and witnesses potentially exposed by the attack against possible repercussions.

“Based on the forensic analysis carried out, the Court has already taken and will continue to take all necessary steps to address any compromise to data belonging to individuals, organizations, and states,” the court said.

“Should evidence be found that specific data entrusted to the Court has been compromised, those affected would be contacted immediately and directly by the Court,” it said.