Hack of IMF Email Accounts Highlights Microsoft Vulnerabilities

Todd Faulk
Todd Faulk Senior Editor
Todd Faulk Todd Faulk Senior Editor

The International Monetary Fund (IMF), the biggest lender to governments in the world, reported that 11 of its email accounts were hacked in February 2024. The hack adds to a growing list of large organizations that have seen their Microsoft email accounts compromised in the last year.

The IMF said it brought in cybersecurity experts to conduct remediation efforts and re-secure the accounts, but it did not disclose the nature of the compromised accounts or the impact of the breach on its operations.

“The IMF takes prevention of, and defense against, cyber incidents very seriously and, like all organizations, operates under the assumption that cyber incidents will unfortunately occur. The IMF has a robust cybersecurity program in place to respond quickly and effectively to such incidents,” the organization said in a press release.

The IMF added, “We have no indication of further compromise beyond these email accounts at this point in time. The investigation into this incident is continuing.”

The IMF is a cornerstone of the global financial system with 189 countries as members. It has loaned nearly $1 trillion to mostly developing countries that have faced financial crises since the Fund was established in 1944.

IMF officials confirmed to the BleepingComputer cybersecurity website that it uses Microsoft 365 cloud-based software for its email accounts. The email breach at the IMF follows a similar breach at Hewlett Packard Enterprise, revealed in January, in which the state-sponsored Russian hacking group Midnight Blizzard gained access to some HPE email accounts using Microsoft 365 and stole corporate information using them.

Security vulnerabilities at Microsoft extend well beyond its corporate customers using cloud-based Microsoft 365. The same Midnight Blizzard group hacked Microsoft itself in January through its own on-premises Exchange Online system, gaining access to corporate emails.

This follows a 2023 breach in which Chinese threat actors hacked the email accounts of 25 organizations using Microsoft Exchange Online and stole corporate data using the accounts.

About the Author
Todd Faulk
Todd Faulk
Senior Editor

About the Author

Todd Faulk is a Senior Editor at SafetyDetectives. He has more than 20 years of professional experience editing intelligence reports, course plans, and online articles. He's a freelancer who has produced work for a wide variety of clients, including the US Government, financial institutions, and travel and technology websites. Todd is a constant traveler, writer of his own travel blog, and avid reader of new developments in science and technology.

Leave a Comment