CircleCi has confirmed that a security incident was recently investigated malware-Powered Grand Theft Data.
The company announced the news in a blog post(Opens in a new window)This document described what happened recently, what it did in order to minimize the damage and how it plans for future safety.
Blog post claimed that code-stealing malware infected a high-ranking employee’s laptop, giving attackers access to the kingdom.
Data theft can go on for weeks
It seems that the malware worked. End pointEven though antivirus software has been installed on the device, it is not infected. The tool was used to obtain session tokens, which kept an employee logged in to certain applications.
Even if a user logs into an application with a password or multi-factor authentication (MFA), some apps drop session keys that allow users to remain logged in for extended periods of the app. In other words, the attackers bypassed any MFA created by the company by stealing the session keys.
It was then a matter of gaining access to the right production systems to place sensitive data at risk.
The blog notes that “Because the target employee was granted privileges to create production tokens as part his normal duties, the unauthorized third party was able access and pull information from a subset databases and stores, which includes client environment variables tokens and keys.”
These threat actors have been in CircleCI’s infrastructure for approximately three weeks, from December 16, 2022 to February 4, 2023.
Even though the data was encrypted, it didn’t help much as the attackers also got the encryption keys.
The blog concluded, “We encourage customers to take action if they have not done so yet to prevent unauthorized entry to third-party systems or stores.”
CircleCi asked its customers for their secrets. They can be stored as contexts or project environment variables.
via: Techcrunch(Opens in a new window)
[Denial of responsibility! reporterbyte.com is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – reporterbyte.com The content will be deleted within 24 hours.]