
"The incident took place on January 29, 2026, when a mail server that was not updated to the latest version was compromised, the company's Chief Commercial Officer, Derek Curtis, said. "Prior to the breach, we had approximately 30 servers/VMs with SmarterMail installed throughout our network," Curtis explained. "Unfortunately, we were unaware of one VM, set up by an employee, that was not being updated. As a result, that mail server was compromised, which led to the breach.""
"About 12 Windows servers on the company's office network, as well as a secondary data center used for quality control (QC) tests, are confirmed to be affected. According to its CEO, Tim Uzzanti, the "attempted ransomware attack" also impacted hosted customers using SmarterTrack. "Hosted customers using SmarterTrack were the most affected," Uzzanti said in a different Community Portal thread. "This was not due to any issue within SmarterTrack itself, but rather because that environment was more easily accessible than others once they breached our network.""
An unpatched SmarterMail virtual machine allowed the Warlock (Storm-2603) ransomware group to breach SmarterTools on January 29, 2026. The attackers used that compromised mail server to move laterally and impact about 12 Windows servers on the office network and a secondary QC data center. Hosted customers using SmarterTrack were particularly affected because that environment was more accessible after the breach. The threat actors gained control of Active Directory, created new users, and deployed additional payloads, including Velociraptor and a locker to encrypt files. SmarterTools stated that its website, shopping cart, My Account portal, business applications, and account data were not compromised. Attackers typically waited about 6–7 days after initial access before taking further action.
Read at The Hacker News