Hackers stole contracts from cybersecurity firm Dragos Inc as part of an extortion attempt that included contacting the chief executive officer’s wife and five-year-old son, according to a company blog post, documents provided by the suspected hackers and interviews.
The firm didn’t pay the hackers, who gained access to internal documents after breaching the personal email account of a newly hired Dragos sales employee, CEO Robert M. Lee told Bloomberg News in an interview.
Dragos specialises in providing cybersecurity services for industrial control systems such as power grids, water treatment plants and pipelines.
As part of the extortion attempt, the hackers called Lee’s son on a phone the child used to communicate with his grandmother, Lee said. The boy handed the phone to his mother, who hung up, Lee said. The hackers called Lee’s wife in a separate call, he said.
The attack occurred on May 8 when a "known criminal group attempted and failed at an extortion scheme against Dragos,” according to the blog. Dragos didn’t identify the hackers.
"The criminal group gained access by compromising the personal email address of a new sales employee prior to their start date, and subsequently used their personal information to impersonate the Dragos employee and accomplish initial steps in the employee onboarding process,” the blog said. The hackers accessed resources a new sales employee typically uses, including intranet software and the Dragos contract management system.
"In one instance, a report with IP addresses associated with a customer was accessed, and we’ve reached out to the customer,” the company said in the blog, which added that Dragos prevented the hackers from deploying ransomware, believed to be the primary goal, and further infiltrating the company’s network.
The hackers also contacted other company executives on WhatsApp, and those employees didn’t engage, according to Lee and the blog post. As part of an effort to increase pressure on hacking victims, cybercriminals have been contacting company executives and occasionally family members to increase the pressure to pay an extortion fee, cybersecurity officials have said.
Bloomberg News contacted a hacker via Telegram who claimed credit for the attack and described it as opportunistic. The hacker denied contacting Lee’s son but acknowledged reaching out to his wife. The hacker claimed to have stolen 130 gigabytes worth of files from the company. Stealing documents and extorting company executives has become an increasingly common tactic among criminal hacker groups, sometimes in coordination with deploying ransomware.
The hacker provided Bloomberg with a copy of a contract between Dragos and the 67th Cyberspace Wing of the US Air Force outlining a research and development agreement. The six-page document outlines an agreement for Dragos to receive network information regarding the Department of Defense’s industrial control system environment. Lee confirmed that the contract was legitimate. William Edgar, chief of staff of the 67th Cyberspace Wing, who’s name is listed on the agreement, didn’t immediately respond to a request for comment.
Dragos said it added an additional verification step "to further harden our onboarding process and ensure that this technique cannot be repeated.” – Bloomberg