The International Criminal Court (ICC) has recently reported a complex cyberattack that was detected late last week. The incident has been contained, and the ICC is currently evaluating its extensive implications. This announcement, made public on Monday, represents the second significant cybersecurity threat the Court has faced in recent years.
Targeted Attack and Prompt Mitigation
Based in The Hague, the ICC characterized the breach as a “sophisticated and targeted cyber security incident.” Its internal monitoring systems identified the intrusion quickly, which facilitated immediate confirmation and containment of the threat. Currently, a thorough analysis is underway to fully gauge the impact on the Court’s technological infrastructure. Measures are being implemented to mitigate adverse effects, with the Court underscoring its commitment to transparency with the public and its member states, emphasizing the importance of their ongoing support in upholding its judicial mandate.
Wider Context and Previous Attacks
This cyberattack coincided with the NATO summit held in The Hague, during which Dutch cybersecurity officials reported a series of Distributed Denial-of-Service (DDoS) attacks targeting local governmental bodies and various organizations. These attacks aimed to cripple systems by overwhelming them with traffic and were attributed to pro-Russian hacker groups. Furthermore, on June 24, 2025, a significant power outage disrupted train services across the Netherlands, with investigations suggesting potential sabotage. This outage notably impacted Schiphol Airport, damaging approximately 30 cables due to a fire, and affected train routes linking Amsterdam and Utrecht, located about 50 kilometers away from the NATO summit’s venue. In 2023, the ICC experienced a similar type of “targeted and sophisticated” cyber incident, suspected to be an espionage attempt.
The timing of this latest breach is particularly critical as the ICC is currently managing high-profile cases, including arrest warrants for Russian President Vladimir Putin, Israeli Prime Minister Benjamin Netanyahu, and Hamas leader Ibrahim ‘Deif’ Al-Masri. The Court has garnered heightened scrutiny following its recent issuance of arrest warrants against Netanyahu and his former defense minister, Yoav Gallant, in connection with Israel’s military operations in Gaza.
In a related turn of events, the Trump administration had previously sanctioned the ICC’s Chief Prosecutor, Karim Khan, amid an email access issue involving Microsoft earlier this year. In early June, U.S. Secretary of State Marco Rubio announced sanctions against four ICC judges linked to the Court’s ongoing investigations and arrest warrants.
Analyzing the potential tactics employed in this cyberattack through the MITRE ATT&CK framework reveals that adversary approaches such as initial access and persistence could have been leveraged. Given the sophistication of the breach, techniques targeting privilege escalation may also be relevant for deeper infiltration. Understanding these tactics and the underlying motivations is critical for organizations as they assess their cybersecurity posture in an increasingly hostile digital landscape.
