CloudSEK Pins Blame for Hack on Other Cybersecurity FirmIndian Firm Accuses 'Notorious Cyber Security Company' in Ongoing Incident
An Indian cybersecurity firm accused another cybersecurity outfit of using a compromised collaboration platform credential to obtain access to its internal training site.
Rahul Sasi, the CEO of Bengaluru-based CloudSEK, did not identify the alleged perpetrator other than to characterize it as a "notorious Cyber Security company that is into Dark web monitoring."
CloudSEK, which says it uses artificial intelligence to predict cyberthreats, late Tuesday night posted an update to an ongoing cybersecurity incident by stating that someone obtained an employee's login credentials for the company's Atlassian Jira issue-tracking platform and used them to access the company's Atlassian Confluence server.
The attacker took "some internal details like screenshots, bug reports, names of customers and schema Diagrams," but "no database or server access was compromised," Sasi wrote.
An update from Sasi posted approximately two hours later said attack indicators led back to the unidentified dark web monitoring company.
Sasi also wrote that a hacker going by the moniker "sedut" joined a number of cybercrime forums and contested the hacker's assertions to have accessed the company VPN as well as its main database and its Twitter account. A hacker did have access to its Jira instance and did obtain some customer purchase orders, CloudSek acknowledges.
The hacker did not obtain access to the company's main Twitter account but did compromise an account used to perform takedowns, the company says. Purported screenshots and video of the database posted online by "sedut" were really taken from training webpages hosted on Atlassian platforms, it adds. The company says the hacker did not obtain VPN credentials but did gain access to its VPN IP addresses.
As for how the employee's Jira credential was compromised in the first place, the company says it sent a malfunctioning employee laptop to a third-party vendor and when the laptop was returned, it was loaded with the Vidar Stealer. CloudSEK says its attacker purchased the employee's session cookies the same day the info stealer operator uploaded them to a criminal marketplace.
A criminal forum contains a post from a "sedut" that offers to sell purported CloudSek data - $10,000 for the database, $8,000 for the code base and $8,000 for employee and engineering product documentation. CloudSEK says it has found "no suspicious activity" in its code repositories.
"Not state sponsored (please hire me, lol). Here only to make money. All about that money, baby," wrote "sedut" in the post.