An Indian cybersecurity company claimed that another cybersecurity company had accessed its internal training website using a credential from a compromised collaboration platform.
The CEO of Bengaluru-based CloudSEK, Rahul Sasi, declined to name the alleged offender other than to describe it as a "notorious Cyber Security organization that is into Dark web monitoring."
An update to an ongoing cybersecurity incident was posted late Tuesday night by CloudSEK, which claims to use artificial intelligence to predict cyber threats. It stated that someone had obtained an employee's login information for the company's Atlassian Jira issue-tracking platform and used it to access the Atlassian Confluence server.
Although "no database or server access was stolen," Sasi noted, the attacker grabbed "certain internal details including screenshots, issue reports, names of clients, and schema Diagrams."
About two hours later, Sasi filed an update stating that attack indicators had pointed to the unnamed dark web monitoring firm.
Sasi also reported that a hacker going by the handle "sedut" joined several forums for cybercriminals and refuted claims that they had gained access to the company's VPN, primary database, and Twitter account. CloudSEK acknowledges that a hacker did gain access to its Jira instance and retrieve some customer purchase orders.
The company claims the hacker compromised a takedown account but was unable to reach the company's primary Twitter account. It adds that the allegedly authentic screenshots and video of the database that "sedut" released online were really stolen from training webpages that were published on Atlassian servers. The business claims that while the hacker did not obtain VPN login credentials, they did access its VPN IP addresses.
As for how the employee's Jira credentials were compromised in the first place, the business claims that it shipped a broken staff laptop to a third-party vendor, who then returned it with the Vidar Stealer pre-installed. According to CloudSEK, the information stealer's operator published the employee's session cookies to a black market on the same day that the attacker bought them.
An advertisement for supposed CloudSEK data has been posted in a criminal forum by "sedut": $10,000 for the database, $8,000 for the code base, and $8,000 for employee and engineering product documentation. No "suspicious behavior" has been discovered, according to CloudSEK, in its code repositories.