Cybersecurity firm gives laptop for servicing leading to data breach

It sounds strange, but a security firm that reported a cyber incident fell prey to a cyber incident itself within a few hours of its first incident report. CloudSEK, an Indian cybersecurity firm based in Bengaluru, issued a press statement last week saying that data related to the Tirupati-based Sree Saran Medical Centre was available for sale on the dark web.

Just a few hours after its report, the forensic firm itself became the victim of a serious data breach.

Going into the details, CloudSEK gave an employee’s laptop to a vendor named ‘Axiom’ for servicing. The vendor’s hardware engineers repaired the laptop and returned it with a fresh Windows OS installed and running.

What CloudSEK missed in this whole saga was rechecking the device for anything strange installed on it, and this has now become a topic of extensive discussion on technology forums.

For some reason, the device was planted with stealer log malware before it was returned to the artificial-intelligence-powered digital risk protection company. From then on, all activity conducted on the laptop was transmitted to remote servers as a batch file, and all Jira passwords and credentials were transferred to the hacker’s device network.

Reports say the attack gave the threat actors access to sensitive information stored on Confluence servers, such as a few customer names and purchase orders from 3 big firms.

As of now, no other information appears to have been accessed or leaked to the hackers. All the leaked details were sold on the same day as the hack.

It is unclear whether an insider at Axiom was involved in this information leak or whether it happened without the company’s knowledge, as an unnamed company related to the security sector is being named as the chief suspect.

More details will be updated shortly after confirmation!

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security