Jason Soroco of Sectigo called it “an attack of textbook identity.” “By safely replacing a reliable password in a reliable harvesting mechanism, adverse harvesting domain administrator passwords, vSphere root key and service-account mystery that serve as a digital identity of the organization,” he said. “Those stolen identities rejected the perimeter controls, neutralized the Vims and enabled the hyper-level ransomware perfection.”
The attack was not just about malware. As Apono co-founder and CEO Rom Carmel said, “It rests on identity and credentials.”
“By Trojaning KeePass, the attackers had access to a contingent of credentials stored with administrative accounts, service accounts and API keys, which provided the ability to move them later and enhance privileges,” Carmel said. “Learned lessons: This violation highlights that both humans and non-humans are the main goals and prominent promoters in modern ranges.”
Open Source: Double-Edged Sword
This campaign also highlights the risks of relying on open-source software or, more accurately, on getting it from the wrong source. The problem was not the software itself but the ecosystem around it. “This case touches our faith in open-source use and false advertising,” Sipot said.