Amazon had noticed "anomalous behavior" when the attacker tried to use Cloud Identity and Access Management (IAM) roles to perform the unauthorized activity and notified LastPass. The hacker exploited the first event's data to exfiltrate the data kept in the S3 buckets during the second incident. As a result, it wasn't first apparent to investigators that the two were connected. "The threat actor was able to capture the employee's master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer's LastPass corporate vault."Īccording to Monday's report, the first event's tactics, techniques, and processes were distinct from those utilized in the second incident. "This was accomplished by targeting the DevOps engineer's home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware," LastPass wrote. The vault gave access to a shared cloud-storage environment containing encryption keys for customer vault backups stored in Amazon S3 buckets. Now, in a report on Tuesday, the company said that the same attacker had hacked an employee's home computer and stole a decrypted vault available to only a handful of company developers. ![]() ![]() Some customer data was accessed, but LastPass said passwords remained safe due to its encrypted architecture. The company reported a security incident in August 2022, saying an unauthorized party gained access to a third-party cloud-based storage service that LastPass uses to store archived backups.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |