Cyber Incident Victim: International Maritime Organization
Date: Sep 2020
Location: United Kingdom
Summary
The International Maritime Organization, a UN agency responsible for global shipping standards, experienced a significant cyberattack that disrupted its website and web services, initially described as technical issues before being confirmed as a security breach. The incident forced the shutdown of key systems to contain damage, with restoration efforts undertaken despite the organization's ISO/IEC 27001-certified security framework and geographically distributed backup infrastructure. While characterized as a sophisticated attack overcoming robust defenses, the specific nature of the intrusion—whether ransomware, DDoS, or other vectors—remained undisclosed by the agency.
Description
The International Maritime Organization (IMO), a United Nations agency responsible for global shipping standards, experienced a significant cyber incident beginning on September 30, 2020. Initial disruptions affected the IMO’s public-facing website and associated web services, prompting the organization to issue a Twitter announcement acknowledging unspecified "technical issues" while its technical team worked on repairs. By October 2, the IMO confirmed the disruptions stemmed from a "sophisticated cyberattack" targeting its IT infrastructure, which had circumvented existing security protocols. The agency emphasized its adherence to ISO/IEC 27001:2013 standards for information security management—a certification it obtained in 2015 as the first UN body to do so—and highlighted its geographically distributed backup systems in the UK and Geneva, which underwent regular testing. In response to the intrusion, the IMO Secretariat proactively disabled critical systems to contain the attack’s spread and mitigate additional damage, prioritizing restoration efforts for impacted services.

The attack disrupted core operational systems but did not compromise the integrity of the IMO’s file servers or backups. While the organization characterized the incident as sophisticated and capable of bypassing robust defenses, it withheld technical details regarding the attack vector, leaving the nature of the breach—whether ransomware, DDoS, or another method—unverified. The IMO’s public statements underscored its reliance on preexisting contingency plans, including tested backup protocols, to expedite recovery. No explicit operational or financial consequences were disclosed, though the multi-day service interruption implied at least temporary impediments to the agency’s regulatory and coordination functions. SecurityWeek’s inquiry for additional specifics, including attribution or attack mechanics, went unanswered, leaving the incident’s full scope and perpetrator motivations unconfirmed in publicly available reporting.
