
Cyber firm Dragos targeted by known threat group

Hackers have attempted to infiltrate the network of Dragos, a cyber security firm based in the US.

Daniel Croft
Fri, 12 May 2023

According to the firm, the unnamed but reportedly “known” criminal group tried to access its internal network in order to encrypt devices as part of a ransomware attack. The threat group was unsuccessful in breaching the company’s cyber security platform or internal network.

“On May 8, 2023, a known cyber criminal group attempted and failed at an extortion scheme against Dragos,” the company said in a statement.

“No Dragos systems were breached, including anything related to the Dragos Platform.”


However, Dragos revealed that the threat group did gain access to its SharePoint cloud service and contract management system by obtaining the personal credentials of a new employee prior to their start.

This allowed them to “impersonate the Dragos employee and accomplish initial steps in the employee onboarding process”.

Dragos said that this allowed the threat actor to access the resources available to the user in SharePoint and the Dragos contract management system.

As a result, while the main objective of the group to deploy ransomware was thwarted, the hackers began sending Dragos executives direct messages, alluding to having researched personal information such as family member details.

In addition, senior executives were contacted via personal emails. Dragos chief executive and founder Robert M. Lee said that the techniques used by criminals in the messages sent to executives are proof that the criminals were not getting what they wanted and were getting frustrated.

Dragos decided that “the best response was to not engage with the criminals”, and it has taken a stance against paying cyber criminals the ransom fees they requested.

“While the external incident response firm and Dragos analysts feel the event is contained, this is an ongoing investigation,” continued Dragos.

“The data that was lost and likely to be made public because we chose not to pay the extortion is regrettable.

“However, it is our hope that highlighting the methods of the adversary will help others consider additional defenses against these approaches so that they do not become a victim to similar efforts.”

Dragos has said that it is taking a number of steps to prevent similar incidents in the future, including adding further verification steps to its onboarding process.

It has also said that it will look to expand the use of multi-step access approval, a technique that was responsible for blocking other access attempts.

Daniel Croft


Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
