Cyber Incident Victim: International Centre for Migration Policy Development (ICMPD)
Date: Aug 2022
Location: Austria
Summary
The International Centre for Migration Policy Development suffered a cyberattack by the Karakurt extortion group, which claimed theft of 375 GB of sensitive data including financial documents, contracts, budgets, passports, and organizational correspondence. The attackers gained limited access to servers, prompting an emergency response that disconnected external networks and took down websites within 45 minutes of detection to contain the breach. Karakurt, linked to the Conti ransomware group, typically leverages stolen credentials or purchased access to compromise systems, then pressures victims via harassing communications with employees and partners. The organization initiated an investigation with internal and external experts, notified law enforcement, and began informing affected individuals while assessing the full scope of compromised data.
Description
The International Centre for Migration Policy Development (ICMPD) confirmed a cyberattack on August 31, 2022, following claims by the Karakurt extortion group. Karakurt publicly touted the theft of 375 gigabytes of sensitive data, including financial documents, banking information, personal data, project budgets, insurance records, passport scans, employee correspondence, and organizational mailboxes. The group specifically highlighted stolen contracts, invoices, and communications related to ICMPD’s migration projects. ICMPD, an intergovernmental organization operating in 90 countries with 19 member states and UN observer status, did not disclose the exact attack date but acknowledged "limited access" to individual servers. Internal and external IT experts formed a task force to investigate the breach’s scope and origins.

ICMPD’s response team acted within 45 minutes of detection, disconnecting external networks and taking all websites offline to contain the attack. The organization reported the incident to law enforcement and began notifying affected individuals about protective measures. Karakurt, linked by security firms and U.S. agencies to the Conti ransomware group, typically extorted ransoms between $25,000 and $13 million in Bitcoin. The FBI and CISA noted Karakurt’s pattern of harassing victims’ employees and partners to pressure payments, often leveraging credentials or access purchased from other cybercriminals. Blockchain analysis confirmed financial ties between Karakurt and Conti wallets. The breach followed a similar high-profile attack on the Red Cross’s Restoring Family Links program in late 2021, which drew international condemnation for compromising humanitarian operations. ICMPD’s investigation remained ongoing to determine the full extent of data exposure across its migration research and partnership networks.
