To investigators, the threat actor activity resembled legitimate activity, so they didn’t catch on until it was too late. This was done before LastPass reset the system following the first attack.
RELATED: Protect your phone: Steps to take if your device is lost, stolen, or broken What we know nowĭuring the second attack, the threat actor used information gleaned from the first to steal credentials from one of the four senior DevOps engineers with access to the shared folders containing decryption keys.
The virtual storage contained basic customer account information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers and IP addresses from which customers accessed LastPass. The hackers then launched a phishing campaign against an employee, obtaining credentials and keys, which they used to access and decrypt storage volumes within the cloud-based storage service.
0 kommentar(er)
