
“KyivWarrior” Claims to be Behind Dragos Breach

Marrium Akhtar

According to vx-underground, a threat actor named KyivWarrior claims to be behind the Dragos breach.

“On May 8, 2023, a known cybercriminal group attempted and failed at an extortion scheme against Dragos. No Dragos systems were breached, including anything related to the Dragos Platform,” the company said.

The intruder claims to hold confidential Dragos data; it has not yet said which ransomware group, if any, it belongs to.

Let’s dig into the details

The criminal group gained entry by compromising the personal email address of a newly hired sales employee before that person’s official start date. It then used those details to impersonate the Dragos employee and complete the initial steps of the employee onboarding process.

After gaining access to Dragos’ SharePoint cloud platform, the attackers downloaded “general purpose data” and retrieved 25 intelligence reports that are normally available only to customers.

During the 16-hour period in which they controlled the employee’s account, the threat actors failed to access several other Dragos systems, including its messaging, IT support desk, financial, request for proposal (RFP), employee recognition, and marketing systems, primarily because of the role-based access control (RBAC) rules in place.

What happened next…

After failing to penetrate the company’s internal network, the criminals sent an extortion email to Dragos executives roughly 11 hours into the attack. Because it arrived outside regular business hours, the message was not read until 5 hours later.

Five minutes after reading the extortion message, Dragos deactivated the compromised user account, terminated all ongoing sessions, and barred the cybercriminals’ infrastructure from gaining access to company assets.

Key takeaways

Dragos responded responsibly: it added an extra verification step to harden its onboarding process and prevent a recurrence of this technique, and it committed not to engage with cybercriminals in the future.

KyivWarrior’s claim brings new challenges for Dragos. The company should investigate the authenticity of the claim and act accordingly.
