![]() ![]() ![]() The February update by LastPass follows another significant update to the incident in December, when it shared that an unknown threat actor accessed a cloud-based storage environment leveraging information obtained from the August incident. The bad actor was able to capture the employee’s master password using the keylogger malware after the employee authenticated with MFA to gain access to the engineer’s LastPass corporate vault. 12 by targeting one of the engineers’ home computers by exploiting a vulnerable third-party media software package and gained remote code execution capability (RCE) to install a keylogger. ![]() Eventually, AWS GuardDuty Alerts informed LastPass of “anomalous behavior as the threat actor attempted to use Cloud Identity and Access Management (IAM) roles to perform unauthorized activity.”īecause the cloud-based storage services were encrypted - notably AWS S3 buckets - and only four DevOps engineers had access to the decryption keys, the threat actor made quick use of the stolen credentials after Aug. Since the threat actor used valid credentials to access the cloud-based storage resources, it made it difficult for investigators to differentiate between threat-actor and legitimate activity. 12, 2022, but the threat actor “was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activities aligned to the cloud storage environment spanning from Augto October 26, 2022.” 27 update to the security incident, the password manager firm said it had high confidence the first incident ended Aug. LastPass said an engineer’s home PC was hacked after an August security incident, which allowed the threat actor to later access decryption keys needed to access the DevOps engineer’s corporate vault and exfiltrate data from cloud-storage resources. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |