Hackers contacted cybersecurity firm CEO’s son, wife in extortion attempt


As part of the extortion attempt, the hackers called Lee’s son on a phone the child used to communicate with his grandmother, Lee said. The boy handed the phone to his mother, who hung up, Lee said. The hackers called Lee’s wife in a separate call, he said. — AFP Relaxnews

Hackers stole contracts from cybersecurity firm Dragos Inc as part of an extortion attempt that included contacting the chief executive officer’s wife and five-year-old son, according to a company blog post, documents provided by the suspected hackers and interviews.

The firm didn’t pay the hackers, who gained access to internal documents after breaching the personal email account of a newly hired Dragos sales employee, CEO Robert M. Lee told Bloomberg News in an interview.

Dragos specialises in providing cybersecurity services for industrial control systems such as power grids, water treatment plants and pipelines.

As part of the extortion attempt, the hackers called Lee’s son on a phone the child used to communicate with his grandmother, Lee said. The boy handed the phone to his mother, who hung up, Lee said. The hackers called Lee’s wife in a separate call, he said.

The attack occurred on May 8 when a "known criminal group attempted and failed at an extortion scheme against Dragos,” according to the blog. Dragos didn’t identify the hackers.

"The criminal group gained access by compromising the personal email address of a new sales employee prior to their start date, and subsequently used their personal information to impersonate the Dragos employee and accomplish initial steps in the employee onboarding process,” the blog said. The hackers accessed resources a new sales employee typically uses, including intranet software and the Dragos contract management system.

"In one instance, a report with IP addresses associated with a customer was accessed, and we’ve reached out to the customer,” the company said in the blog, which added that Dragos prevented the hackers from deploying ransomware, believed to be the primary goal, and further infiltrating the company’s network.

The hackers also contacted other company executives on WhatsApp, and those employees didn’t engage, according to Lee and the blog post. As part of an effort to increase pressure on hacking victims, cybercriminals have been contacting company executives and occasionally family members to increase the pressure to pay an extortion fee, cybersecurity officials have said.

Bloomberg News contacted a hacker via Telegram who claimed credit for the attack and described it as opportunistic. The hacker denied contacting Lee’s son but acknowledged reaching out to his wife. The hacker claimed to have stolen 130 gigabytes worth of files from the company. Stealing documents and extorting company executives has become an increasingly common tactic among criminal hacker groups, sometimes in coordination with deploying ransomware.

The hacker provided Bloomberg with a copy of a contract between Dragos and the 67th Cyberspace Wing of the US Air Force outlining a research and development agreement. The six-page document outlines an agreement for Dragos to receive network information regarding the Department of Defense’s industrial control system environment. Lee confirmed that the contract was legitimate. William Edgar, chief of staff of the 67th Cyberspace Wing, who’s name is listed on the agreement, didn’t immediately respond to a request for comment.

Dragos said it added an additional verification step "to further harden our onboarding process and ensure that this technique cannot be repeated.” – Bloomberg

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

   

Next In Tech News

Japan's antitrust watchdog to find Google violated law in search case, Nikkei reports
Is tech industry already on cusp of artificial intelligence slowdown?
What does watching all those videos do to kids' brains?
How the Swedish Dungeons & Dragons inspired 'Helldivers 2'
'The Mind Twisting Quadroids' review: Help needed conquering the galaxy
Albania bans TikTok for a year after killing of teenager
As TikTok runs out of options in the US, this billionaire has a plan to save it
Google offers to loosen search deals in US antitrust case remedy
Is Bluesky the new Twitter for teachers in the US?
'Metaphor: ReFantazio', 'Dragon Age', 'Astro Bot' and an indie wave lead the top video games of 2024

Others Also Read