Dragos, an information security company, was recently attacked by a cybercrime organization, and the attackers tried to blackmail. The company discovered on May 8 that known cybercriminal groups were attempting to hack into their systems. Fortunately, the attack was unsuccessful, and Dragos confirmed that its system was not compromised.
The criminal organization targeted a new business person who was about to join Dragos. The hackers gained access to the employee’s email before onboarding and completed the entire onboarding process. They also further accessed the employee’s SharePoint system and contract management system and read a survey report containing the customer’s IP address. Dragos has informed potentially affected customers of their situation.
In response to the identity of the attackers, Dragos revealed that the group uses ransomware to encrypt archives. This time, the hack threatened to harm Dragos’ executives and their families before they succeeded. To prevent similar attacks from happening again, Dragos has added additional verification procedures to the onboarding process for new employees.