Tuesday, June 25, 2024

Cylance confirms information breach linked to ‘third-party’ platform


Cybersecurity firm Cylance confirmed the legitimacy of data being sold on a hacking forum, stating that it is old data stolen from a "third-party platform."

A threat actor known as Sp1d3r is selling this stolen data for $750,000, as first spotted by Dark Web Informer.

The data allegedly includes a substantial amount of information, such as 34,000,000 customer and employee emails and personally identifiable information belonging to Cylance customers, partners, and employees.

However, researchers have told BleepingComputer that the leaked samples appear to be old marketing data used by Cylance.

BlackBerry Cylance told BleepingComputer that they are aware of and investigating the threat actor's claims but that no "BlackBerry data and systems related to [..] customers, products, and operations have been compromised."

"Based on our initial reviews of the data in question, no current Cylance customers are impacted, and no sensitive information is involved," the company added.

"The data in question was accessed from a third-party platform unrelated to BlackBerry and appears to be from 2015-2018, predating BlackBerry's acquisition of the Cylance product portfolio."

[Image: Cylance data for sale (Dark Web Informer)]

Links to Snowflake attacks

While the company has yet to respond to a follow-up request for more details regarding the name of the third-party platform that was breached to steal what it claims to be old data, the same threat actor is also selling 3TB of data from automotive aftermarket parts provider Advance Auto Parts, stolen after breaching the company's Snowflake account.

BleepingComputer confirmed that Cylance is a Snowflake customer, with the web management console located at https://cylance.snowflakecomputing.com/.

Recent breaches at Santander, Ticketmaster, and QuoteWizard/LendingTree have also been linked to Snowflake attacks. Ticketmaster's parent company, Live Nation, also confirmed that a data breach had affected the ticketing firm after its Snowflake account was compromised on May 20.

In a joint advisory with CrowdStrike and Mandiant, Snowflake said that attackers had used stolen customer credentials to target accounts without multi-factor authentication protection.

Today, Mandiant published a report linking the Snowflake attacks to a financially motivated threat actor it tracks as UNC5537. The actor gained access to Snowflake customer accounts using customer credentials stolen in infostealer malware infections from as far back as 2020.

Mandiant has been tracking UNC5537 since May 2024. The financially motivated threat actor has targeted hundreds of organizations worldwide, extorting victims for financial gain.

[Image: UNC5537 Snowflake attack timeline (Mandiant)]

While Mandiant has not shared much information about UNC5537, BleepingComputer has learned they are part of a larger community of threat actors who frequent the same websites, Telegram, and Discord servers, where they commonly collaborate on attacks.

"The impacted accounts were not configured with multi-factor authentication enabled, meaning successful authentication only required a valid username and password," Mandiant said.

"Credentials identified in infostealer malware output were still valid, in some cases years after they were stolen, and had not been rotated or updated. The impacted Snowflake customer instances did not have network allow lists in place to only allow access from trusted locations."

Mandiant says it has identified hundreds of customer Snowflake credentials exposed in Vidar, RisePro, Redline, Raccoon Stealer, Lumma, and MetaStealer infostealer malware attacks since at least 2020.
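The three weaknesses Mandiant describes above (accounts without MFA, credentials never rotated after being stolen years earlier, and no network allow list) map directly onto checks a defender can run against an account inventory and login history. The Python script below is an added example, not code from the article, BleepingComputer, Mandiant, or Snowflake; the user records, login events, IP ranges, password-age threshold, and field names are constructed for illustration and are assumptions, not real data from any of the organizations named.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Constructed sample data for this example (not real Cylance or Snowflake records).
# The field names are assumptions that loosely mirror what an administrator can
# export from a data-warehouse user inventory and its login history.
NOW = datetime(2024, 6, 10, tzinfo=timezone.utc)

USERS = [
    {"name": "ETL_SVC", "has_mfa": False, "disabled": False,
     "password_last_set": datetime(2019, 11, 2, tzinfo=timezone.utc)},
    {"name": "ANALYST_A", "has_mfa": True, "disabled": False,
     "password_last_set": datetime(2024, 4, 1, tzinfo=timezone.utc)},
    {"name": "OLD_CONTRACTOR", "has_mfa": False, "disabled": False,
     "password_last_set": datetime(2021, 3, 15, tzinfo=timezone.utc)},
    {"name": "RETIRED_SVC", "has_mfa": False, "disabled": True,
     "password_last_set": datetime(2018, 1, 1, tzinfo=timezone.utc)},
]

LOGINS = [
    {"user": "ETL_SVC", "client_ip": "10.20.0.5", "second_factor": None, "success": True},
    {"user": "ETL_SVC", "client_ip": "203.0.113.77", "second_factor": None, "success": True},
    {"user": "ANALYST_A", "client_ip": "10.20.0.9", "second_factor": "DUO_PUSH", "success": True},
    {"user": "OLD_CONTRACTOR", "client_ip": "198.51.100.23", "second_factor": None, "success": True},
    {"user": "OLD_CONTRACTOR", "client_ip": "198.51.100.23", "second_factor": None, "success": False},
]

# Assumed corporate egress range; a real allow list would come from the network team.
ALLOWED_NETWORKS = [ip_network("10.20.0.0/16")]
MAX_PASSWORD_AGE = timedelta(days=90)


def users_without_mfa(users):
    """Active users that can authenticate with a password alone."""
    return sorted(u["name"] for u in users if not u["has_mfa"] and not u["disabled"])


def stale_credentials(users, now=NOW, max_age=MAX_PASSWORD_AGE):
    """Map of active user -> password age in days, for passwords older than max_age.
    A password set years ago that still works is exactly what the stealer logs exploit."""
    stale = {}
    for u in users:
        if u["disabled"]:
            continue
        age = now - u["password_last_set"]
        if age > max_age:
            stale[u["name"]] = age.days
    return stale


def logins_outside_allow_list(logins, allowed=ALLOWED_NETWORKS):
    """Successful logins whose source IP falls in none of the allowed networks."""
    hits = []
    for ev in logins:
        if not ev["success"]:
            continue
        ip = ip_address(ev["client_ip"])
        if not any(ip in net for net in allowed):
            hits.append((ev["user"], ev["client_ip"]))
    return hits


def password_only_logins(logins):
    """Users with at least one successful login that presented no second factor."""
    return sorted({ev["user"] for ev in logins if ev["success"] and ev["second_factor"] is None})


def audit(users=USERS, logins=LOGINS):
    """Combine the checks into one report. A user that appears in all three sets
    matches the pattern Mandiant described: no MFA, unrotated password, untrusted source."""
    no_mfa = set(users_without_mfa(users))
    stale = stale_credentials(users)
    outside = {user for user, _ in logins_outside_allow_list(logins)}
    return {
        "no_mfa": sorted(no_mfa),
        "stale_password_days": stale,
        "outside_allow_list": sorted(outside),
        "password_only_logins": password_only_logins(logins),
        "highest_risk": sorted(no_mfa & set(stale) & outside),
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```

Run it directly to print the report. The script only reports; it changes nothing. In Snowflake itself the allow-list gap is closed with a network policy (a CREATE NETWORK POLICY with an ALLOWED_IP_LIST, attached to the account or to individual users), and the user inventory and login history that feed checks like these are available from the account usage views, so the same logic can be expressed as queries against that data once the field names are adjusted to the real columns.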

So far, Snowflake and Mandiant have notified around 165 organizations potentially exposed to these ongoing attacks.
