During NATO summit, International Criminal Court hit with cyber attack

International Criminal Court faces sophisticated cyberattack during NATO summit

The International Criminal Court (ICC), based in The Hague, Netherlands, was hit by a “sophisticated and targeted” cyberattack last week, coinciding with a major NATO leaders’ summit held in the same city. The attack, which the ICC announced on June 30, 2025, has raised concerns about the security of the global tribunal’s sensitive operations^[1].

According to the ICC, the incident was detected “late last week” and has been contained, though the court has not disclosed specific details about the impact or potential motives. “A Court-wide impact analysis is being carried out, and steps are already being taken to mitigate any effects of the incident,” the ICC stated, emphasizing efforts to ensure business continuity. Fadi El Abdallah, the court’s spokesman, told The Associated Press, “All necessary measures have been taken to ensure the business continuity.”

The timing of the attack, during a summit of 32 NATO leaders, has drawn attention due to the heightened security measures in place, including protections against cyberattacks. Dutch cybersecurity authorities reported a series of distributed denial-of-service (DDoS) attacks targeting local governments and institutions in the lead-up to and during the summit.

These attacks, claimed by pro-Russian hacktivist groups, were limited in impact but underscored the tense cyber environment surrounding the event. A separate power outage that disrupted train traffic across the Netherlands on June 24, 2025, is also under investigation, with the Dutch justice minister noting that sabotage could not be ruled out as a cause.

History of cyber threats at the ICC

This is not the first time the ICC has faced cyber threats. In 2023, the court was targeted by a cyberattack believed to be an espionage attempt, which left its purpose-built headquarters without fully restored Wi-Fi services even two years later. The recurrence of such incidents highlights the ICC’s vulnerability as a high-profile institution handling sensitive international cases.

In 2022, Dutch intelligence agencies foiled a plot by a Russian spy using a false Brazilian identity to infiltrate the ICC as an intern, further illustrating the court’s exposure to espionage risks. “The ICC has been a target in the past, and this latest attack shows the persistent threats it faces,” noted a cybersecurity expert familiar with the court’s operations.

The ICC’s ongoing investigations into high-profile cases may make it a prime target for cyberattacks. The court is currently examining allegations of Russian war crimes in Ukraine and has issued an arrest warrant for Russian President Vladimir Putin, accusing him of personal responsibility for the abductions of children from Ukraine. Additionally, the ICC has issued arrest warrants for Israeli Prime Minister Benjamin Netanyahu and his former defense minister, Yoav Gallant, over Israel’s military campaign in Gaza^[2].

These actions have drawn significant international attention and, in some cases, retaliation. For instance, U.S. President Donald Trump imposed sanctions on ICC Chief Prosecutor Karim Khan in February 2025 and later sanctioned four ICC judges, while Khan also lost access to his Microsoft-provided email account in May 2025, prompting calls in Europe to reduce reliance on American technology for critical communications.

Broader implications for cybersecurity

The cyberattack on the ICC underscores broader challenges in securing international institutions against increasingly sophisticated cyber threats. The incident’s timing during the NATO summit, coupled with the reported DDoS attacks claimed by pro-Russian groups, suggests a possible geopolitical motive, though the ICC has not confirmed this.

The court’s refusal to disclose whether confidential information was compromised has fueled speculation about the potential fallout. “The lack of transparency about the breach’s impact raises questions about the security of sensitive data,” said a Dutch cybersecurity official, speaking anonymously due to the ongoing investigation.

The ICC’s experience reflects a growing trend of cyberattacks targeting critical institutions, as seen in recent reports of North Korean schemes involving fake IT workers and Iran’s orders for officials to abandon connected devices. As NATO plans to bolster its cybersecurity budget, the attack on the ICC serves as a stark reminder of the need for robust defenses.

“Europe is arming itself against cyber catastrophe,” said Antoaneta Roussi, a journalist covering the incident, pointing to EU efforts to train with militaries, industry, and NATO to counter large-scale cyberattacks. The ICC’s ongoing impact analysis and mitigation efforts will likely shape future strategies to protect the court and similar institutions from cyber threats in an increasingly volatile digital landscape.