
"Hackers behind the Salesloft Drift breach had access to the company's GitHub account for several months before waging a flurry of attacks, the company has revealed. The breach, which has been attributed to the UNC6395 hacking group, led to a series of attacks this summer that affected hundreds of companies including Google, Zscaler, Cloudflare, and Palo Alto Networks. Attackers were able to access secrets including AWS access keys, passwords, Snowflake-related access tokens, and sales data."
"Mandiant was initially hired to investigate the root cause and scope of the incident, and to help Salesloft with containment and remediation - after which it was asked to verify the segmentation between the Drift and Salesloft environments. Between March and June this year, Mandiant found the threat actor(s) accessed the Salesloft GitHub account, using this access to download content from multiple repositories, add a guest user, and establish workflows. At the same time, the investigation found attackers were carrying out reconnaissance activities in Salesloft and Drift application environments."
Threat actors accessed Salesloft's GitHub account for several months before launching a flurry of attacks attributed to UNC6395. The campaign affected hundreds of companies, including Google, Zscaler, Cloudflare, and Palo Alto Networks. Attackers obtained secrets such as AWS access keys, passwords, Snowflake-related tokens, and sales data. Mandiant was engaged to investigate root cause, scope, containment, and remediation, and to verify segmentation between Drift and Salesloft environments. Between March and June, attackers downloaded repository content, added a guest user, and established workflows while conducting reconnaissance in Salesloft and Drift environments. Attackers accessed Drift's AWS environment and used OAuth tokens to retrieve customer integration data. The incident has been reported as contained and the engagement has shifted to forensic quality assurance review.
Read at IT Pro