Vercel Finds More Compromised Accounts in Context.ai-Linked Breach
Briefly

"Second, we have uncovered a small number of customer accounts with evidence of prior compromise that is independent of and predates this incident, potentially as a result of social engineering, malware, or other methods."
"From there, they were able to pivot into a Vercel environment, and subsequently maneuvered through systems to enumerate and decrypt non-sensitive environment variables."
"We now understand that the threat actor has been active beyond that startup's compromise. Threat intel points to the distribution of malware to computers in search of valuable tokens like keys to Vercel accounts and other providers."
Vercel discovered more compromised customer accounts while investigating a security incident, a review that covered network requests and logs. Some accounts showed evidence of prior compromise, possibly due to social engineering or malware. The breach originated at Context.ai, where an employee's Google Workspace account was compromised, allowing access to Vercel. Further investigation revealed that a Context.ai employee was infected with Lumma Stealer, which may have initiated the malicious actions. Vercel's CEO noted ongoing threats targeting valuable tokens across various accounts.
Read at The Hacker News