Measures taken following the unprecedented cyber-attack on the ICC

Five weeks ago, the International Criminal Court detected a serious cyber security incident, thanks to the alert mechanism provided by its monitoring system. The ICC has made various and serious efforts to address this attack. The Court deems it is its responsibility to continue to inform about these efforts and to provide the relevant additional information on the attack itself. 

As soon as the incident was confirmed, steps were taken to mitigate its effects by initiating an immediate incident response with the support of the Netherlands, the Host State, and external cyber security experts. This included forensic analysis of the incident, its causes and its impact, and initial mitigating measures. 

The evidence available thus far indicates a targeted and sophisticated attack with the objective of espionage. The attack can therefore be interpreted as a serious attempt to undermine the Court’s mandate.  

Based on the forensic analysis carried out, the Court has already taken and will continue to take all necessary steps to address any compromise to data belonging to individuals, organisations and States. Should evidence be found that specific data entrusted to the Court has been compromised, those affected would be contacted immediately and directly by the Court. For the Court, the safety of its data and maintaining trust with all of its stakeholders are paramount. 

With the information currently available it is not presently possible for the Court to confirm who is responsible for the attack. The Dutch law enforcement authorities are currently conducting a criminal investigation.

As a result of the attack, the Court is reinforcing its risk management framework and identifying actions and procedures to be ready to respond to any potential repercussions from the cyber-attack including any potential security risk to victims and witnesses, Court officials and the Court’s operations.

As part of broader assessment into potential actions by threat actors, the Court has also identified that disinformation campaigns targeting the ICC and its officials may be anticipated to be launched in an effort to tarnish the ICC image and delegitimize its activities.

The Court is also accelerating a number of existing initiatives aimed at enhancing digital security.

This latest attack comes at the time of broader and heightened security concerns for the Court: several elected officials, including Judges of the Court and the Prosecutor, have had criminal proceedings initiated against them; the Court has recently undergone daily and persistent attempts to attack and disrupt its systems; and the Court averted an almost successful attempt to infiltrate a hostile intelligence officer into the Court under the guise of an intern.  

The Court wishes to emphasise its utmost gratitude for the numerous expressions of support received from its States Parties and other international organisations, a number of whom have experienced similar cyber incidents in the past. The Court looks forward to cooperating with them and working together in addressing the increasing risk of cyber-attacks and the need to protect our institution to ensure its capacity to implement the ICC’s critical mandate of justice and accountability, which is a shared responsibility of all States Parties.  

For further information, please contact Sonia  Robla, Chief of the Public Information and Outreach Section, International Criminal Court, by telephone at+31 (0)6 46448726  or by e-mail at: [email protected]

You can also follow the Court's activities on Instagram, Facebook, YouTube and Flickr