Indian IB company Cloudsek reported that unknown hackers gained access to the server Confluence using Stolen accounting data from the Jira account of one of the employees. Although some internal information was deleted from Vika Confluence, the company claims that the attackers were not able to compromise its databases. The internal and educational documentation, Confluence pages, as well as scripts for automation with open source, connected to Jira.
fell into the hands of cybercriminals.
In the screenshot above, the user under the nickname Sedut is trying to sell access to the CloudSek, XVIGIL network, code base, corporate e -mail, jira and company accounts on social networks. As evidence, attackers leaked images containing valuable information about CloudSec:
Logins and passwords of accounts used to hack the Breache and XSS forums;
Instructions for the use of webceps;
Screenshots with company databases, dash panels and orders.
Cybercriminals are trying to sell the CloudSek database for $ 10,000, the code database and documentation for employees – for $ 8,000.
In the deed, the company suspects another IB company. The circle of suspects was already narrowed, as the director of Cloudsek told in his message. He claims that for hacking there is a company that monitors the activities of hackers in Darkweb, which is indicated by the techniques and tactics used by attackers during the attack.