Cyber Incident Victim: International Criminal Court
Date:
Sep 2023
Location:
Netherlands
Summary
The International Criminal Court experienced a cyberattack characterized as an act of espionage, potentially compromising sensitive data related to war crimes investigations, including witness information. The Court, collaborating with Dutch authorities, initiated a criminal investigation into the incident, which it stated represented a serious attempt to undermine its mandate. The attack occurred amid heightened security concerns, including threats against Court officials following the issuance of arrest warrants for Russian President Vladimir Putin and associates over alleged war crimes in Ukraine. This incident follows prior espionage attempts targeting the institution, including a documented case involving an alleged Russian intelligence officer attempting infiltration using false credentials. Security measures were implemented to mitigate risks to victims, witnesses, and ongoing operations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In early September 2023, the International Criminal Court (ICC) in The Hague experienced a cybersecurity incident affecting its information systems. The Court publicly acknowledged the attack following media inquiries but declined to specify its scale or technical nature. Initial reports from undisclosed sources indicated that a significant volume of sensitive documents may have been compromised during the breach, though ICC officials refrained from confirming these claims. The Court's spokesperson confirmed the activation of an investigative response in coordination with Dutch national authorities, with particular focus on determining whether foreign state actors were involved. This collaboration included implementing unspecified security measures to contain the incident. The ICC emphasized the critical sensitivity of its data holdings, which include evidence and documentation related to active investigations into genocide, crimes against humanity, and war crimes, as well as protected witness testimonies that could endanger individuals if exposed.
The ICC formally characterized the September incident as an act of espionage in subsequent official communications, describing it as a serious attempt to undermine the Court's judicial mandate. While investigators did not attribute responsibility to any specific actor, Dutch law enforcement agencies initiated a criminal investigation into the breach. The Court maintained uncertainty regarding whether any classified materials were actually exfiltrated but established protocols to immediately notify affected parties should evidence of data compromise emerge. In response to the attack, the ICC implemented enhanced security protocols focused on mitigating potential operational disruptions and evaluating risks to witness safety, judicial personnel, and ongoing investigations. This cybersecurity event occurred amidst heightened institutional security concerns, including direct threats against ICC officials following the Court's March 2023 issuance of arrest warrants for Russian President Vladimir Putin and Children's Rights Commissioner Maria Lvova-Belova regarding alleged war crimes in Ukraine. The incident also followed a June 2022 Dutch intelligence operation that intercepted a suspected Russian military intelligence officer attempting to infiltrate the ICC using forged Brazilian documentation, resulting in deportation and foreign prosecution. The Court's security posture remains elevated due to these cumulative threats targeting its war crimes documentation and judicial processes.