The Red Cross has tracked the cause of their hack to a vulnerability in the Zoho software they were using (CVE-2021-40539). Having bypassed the authentication processes, the attackers had administrator access to the system and compromised the online system that the Red Cross use to reconnect families separated in crisis situations.
It is believed it was a state sponsored attack.
Red Cross blames hack on Zoho vulnerability, suspects APT attack – The Record by Recorded Future
If you use Zoho, then just check all your systems are patched and up-to-date.
Clive Catton MSc (Cyber Security) – by-line and other articles