"Ransomware Group Tries and Fails to Extort Security Vendor Dragos"

A cybercrime group that managed to compromise the cloud-based resources of a cybersecurity vendor tried to extort the company by threatening family members, the company has revealed. Dragos said it was hit on May 8 after threat actors compromised the email account of a new sales employee prior to their start date. The company noted that the cybercrime group used the employee’s personal information to impersonate them and complete some basic onboarding. This got them as far as access to the company SharePoint account and contract management system, but no further. However, after failing to deploy a ransomware payload or steal more sensitive information, the group apparently resorted to trying to extort Dragos executives to avoid public disclosure. The company stated that although no Dragos contact responded, the group repeatedly tried to increase the pressure, contacting multiple publicly known Dragos employees and trying to use knowledge of family members to force a response. The cybercriminals’ texts demonstrated research into family details, as they knew the names of family members of Dragos executives. However, they referenced fictitious email addresses for these family members. The company noted that during this time, the cybercriminals also contacted senior Dragos employees via personal email. Dragos stated that once the hackers were identified via the vendor’s security information and event management (SIEM) tool, it blocked the compromised account and activated third-party incident response and MDR. Security controls prevented the malicious actor from achieving lateral movement, privilege escalation, persistent access, or changes to the firm’s infrastructure, Dragos said.

 

Infosecurity reports: "Ransomware Group Tries and Fails to Extort Security Vendor Dragos"
