The International Criminal Court, the world’s only permanent international court with a mandate to investigate and prosecute genocide, crimes against humanity, and war crimes, has determined that a September cyberattack against its systems was attempted espionage.
The court, headquartered in The Hague, Netherlands, confirmed last month that hackers had infiltrated its network. In an update posted Friday, the ICC said it had since determined that this incident was a “targeted and sophisticated attack” with the “objective of espionage.”
“The attack can therefore be interpreted as a serious attempt to undermine the court’s mandate,” the court said.
The ICC, which holds sensitive information related to alleged war crimes and data about witnesses who could be at risk if their identities were exposed, said it has not yet determined whether any data had been accessed or stolen during the cyberattack.
“Should evidence be found that specific data entrusted to the Court has been compromised, those affected would be contacted immediately and directly by the Court,” the ICC stated. The court has yet to confirm the specific nature of the cyberattack, such as whether malware was deployed.
ICC spokesperson Sonia Robla did not immediately respond to TechCrunch’s questions.
The court said it has not yet confirmed who was being the cyberattack, but noted that it anticipates it will face disinformation campaigns targeting the ICC and its officials in an attempt to delegitimize its activities.
In its statement, the ICC noted that the cyberattack comes at a time of “broader and heightened security concerns” for the court. After the ICC issued arrest warrants for Russian President Vladimir Putin, Russia retaliated by issuing arrest warrants for the ICC’s president their deputy, the chief prosecutor, and one of the presiding judges.
At the same time, the ICC said it has undergone “daily and persistent attempts” to attack and disrupt its systems.
In response to the unprecedented September cyberattack, the ICC said it is strengthening its cybersecurity safeguards, which will include reinforcing its risk management framework and ensuring it has procedures in place to protect against any potential security risk to victims and witnesses.