
"We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel."
"The attacker used that access to hijack the employee's Vercel Google Workspace account to drill into the company's systems. From there, the hacker poked around environment variables - including ones not marked as sensitive."
"Researchers at Hudson Rock point to a February infostealer infection as the likely starting point, with Lumma stealer malware lifting corporate credentials from an employee's machine."
"Vercel says customer environment variables are encrypted at rest, but it also allows some to be marked as 'non-sensitive.' That distinction looks to have mattered once the attacker got inside."
Vercel experienced a security breach likely aided by AI, according to CEO Guillermo Rauch. The intrusion began with a compromised employee account linked to Context.ai, allowing the attacker to access the company's systems. The attacker exploited environment variables, including non-sensitive ones, to gain deeper access. Rauch noted the sophistication of the attackers and their rapid movement. Researchers identified a February infostealer infection as the probable starting point, with Lumma stealer malware compromising corporate credentials. Vercel believes the number of affected customers is limited and has advised them to rotate credentials and review access logs.
Read at The Register