“The group accessed resources a new sales employee typically uses in SharePoint and the Dragos contract management system,” said Dragos. The group then used the new hire's personal information to impersonate the employee and undergo several initial steps in the employee onboarding process. “We want to share this experience with the community, describe how we prevented it from being much worse, and, hopefully, help de-stigmatize security events.”Īccording to Dragos, on Monday the group started the attack by compromising the personal email address of an incoming sales employee before the new hire started with the company. “No Dragos systems were breached, including anything related to the Dragos Platform,” according to Dragos in a Wednesday statement. Its subsequent attempt to then extort Dragos was also unsuccessful, said the company. However, the group failed to breach the firm’s internal network and was not able to launch ransomware. The cybercriminal group impersonated a newly hired employee in order to gain access to some general resources available to new Dragos sales employees, 25 Dragos intel reports (normally available to customers) and its contract management system. Earlier this week, a known cybercriminal group unsuccessfully attempted to launch an extortion attack against Dragos, the industrial cybersecurity firm said on Wednesday.
0 kommentar(er)
