Hackers hit IMF with ‘sophisticated cyberattack’, reports claim

IMFThe International Monetary Fund (IMF) has suffered a major hack, according to media reports this weekend.

The organisation, already making the headlines following the arrest and resignation of its boss Dominique Strauss-Kahn (whose alleged perpetration of a sexual assault has itself been used as springboard for malware attacks), attempts to oversee financial crises around the world and promote economic development.

According to a New York Times report, senior sources within the IMF confirmed to the newspaper that the organisation had suffered a “very major breach” and was deemed serious enough to cut a computer link between the IMF and its near neighbour in downtown Washington, the World Bank.

A World Bank spokesman is reported by the New York Times to say that the disconnection was taken out of “an abundance of caution” until the nature of the attack on the IMF, was understood. The link was apparently quickly restored, and no attack on the World Bank is said to have occurred.

Sign up to our free newsletter.
Security news, advice, and tips.

Coin in World bankBloomberg, meanwhile, claims to have got its hands on a series of internal emails and memos distributed to IMF staff, warning them that computer systems had been compromised by hackers:

"Last week we detected some suspicious file transfers, and the subsequent investigation established that a Fund desktop computer had been compromised and used to access some Fund systems. At this point, we have no reason to believe that any personal information was sought for fraud purposes."

Furthermore, the IMF is said to have told staff on June 8 that it would be replacing their RSA SecurID tokens, used for authentication.

Inevitably, speculation is likely to rise that the attack on the IMF may have been connected to the recent security breach at RSA (which has, in turn, affected the likes of Lockheed Martin and possibly other military contractors) however, an IMF source is said to have told the New York Times that no such link is suspected in this attack.

It seems a single day can’t pass without a well-known institution making the headlines for being the victim of a hacking attack or loss of sensitive data. All organisations need to take the seemingly growing tide of internet attacks as a warning sign, and ensure that they have strong defences in place and that every member of staff has been trained in best practices to reduce the risk.

You can read more about the alleged hack in these New York Times and Bloomberg reports.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.