Tracing the Red Cross Hack to a Misinformation Network | WhoisXML API

Threat Reports

From Fake News Proliferation to Data Theft: Tracing the Red Cross Hack to a Misinformation Network

The cyber attack against the International Committee of the Red Cross (ICRC) exposed the data belonging to more than 500,000 people worldwide.1 While no indicators of compromise (IoCs) have been publicized so far, an interesting link to a fake news network was revealed by security researcher Brian Krebs.2

Building on this connection, WhoisXML API researchers gathered other email addresses named in a related Federal Bureau of Investigation (FBI) website seizure affidavit.3 Our analysis dove into:

  • 650+ domains containing the email addresses in their historical WHOIS records
  • 270+ IP resolutions pointing to 190+ unique IP addresses
  • 820+ connected domains sharing the IP addresses

Download the threat research materials containing the cyber resources and other data points building on the link between the Red Cross hack and the misinformation network.


  • [1]
  • [2]
  • [3]
Try our WhoisXML API for free
Get started