The January 2022 International Committee of the Red Cross (ICRC) data breach was caused by an unpatched critical vulnerability in the Single Signe-In tool developed by Zoho, a business software development company. After exploiting the vulnerability (tracked as https://nvd.nist.gov/vuln/detail/cve-2021-40539), the cybercriminals deployed offensive security tools to help gain access to ICRC's contact database, resulting in the compromise of more than 515,000 globally. Offensive security tools are used by penetration testers to discover system vulnerabilities that could be potentially exploited by cybercriminals.

How Did the Red Cross Data Breach Happen? The following sequence likely led to the Red Cross data breach.

Related Articles