05-09-2024, 11:05 AM
News Zscaler shuts down exposed system after rumors of a cyberattack
<body><div id="remove_no_follow">
<div class="grid grid--cols-10@md grid--cols-8@lg article-column">
<div class="col-12 col-10@md col-6@lg col-start-3@lg">
<div class="article-column__content">
<p>In response to rumors of a threat actor hacking and selling access to its systems, Zscaler said it has taken offline for analysis a “test environment” that was found to be exposed.</p>
<p>“Our investigation discovered an isolated test environment on a single server (without any customer data) which was exposed to the internet,” Zscaler confirmed in a May 8 update on <a href="https://web.archive.org/web/20240509000840/https:/trust.zscaler.com/zscaler.net/posts/18686" target="_blank" rel="noreferrer noopener">Zscaler’s Trust site</a>. “Zscaler can confirm there is no impact or compromise to its customer, production and corporate environments.”</p>
<p>In an earlier post, the company said it had initiated an investigation immediately after learning of an X (formerly Twitter) post by a threat actor claiming to have potentially obtained unauthorized information.</p>
<p>“We take every potential threat and claim very seriously and will continue our rigorous investigation,” <a href="https://web.archive.org/web/20240508221006/https:/trust.zscaler.com/zscaler.net/posts/18686" target="_blank" rel="noreferrer noopener">Zscaler had added</a>.</p>
<h2 class="wp-block-heading" id="zscaler-initially-dismissed-rumors-of-an-attack">Zscaler initially dismissed rumors of an attack</h2>
<p>A few hours earlier, the company had dismissed the rumors, saying internal investigations had not, until that time, shown any evidence that its customer or production environments were breached.</p>
<p>A Zscaler employee had also <a href="https://infosec.exchange/@thint/112407111767459077" target="_blank" rel="noreferrer noopener">said</a> on the Mastodon social media platform that the claims of a breach of Zscaler systems were “completely inaccurate and unfounded”.</p>
<p>“We regularly see attempted attacks and rumors circulating, but it is crucial to rely only on official communications from Zscaler itself to get factual updates and information,” the employee had said.</p>
<p>The rumors started after the notorious Serbian threat actor named IntelBroker offered to sell access to a cybersecurity company with a revenue of $1.8 billion.</p>
<h2 class="wp-block-heading" id="intelbroker-likely-breached-zscaler">IntelBroker likely breached Zscaler</h2>
<p>High-profile hacker IntelBroker, in a dark web post on May 8, claimed the breach, offering to sell access to “Confidential and highly critical logs packed with credentials, SMTP Access, PAuth Pointer Auth Access, SSL Passkeys & SSL Certificates.”</p>
<p>Immediately after IntelBroker posted the breach claims, connections were made to Zscaler, as the company is listed on ZoomInfo with a revenue of $1.8 billion.</p>
<p>Furthermore, a Mastodon user @DarkWebInformer had also <a href="https://infosec.exchange/@DarkWebInformer/112405522701193351" target="_blank" rel="noreferrer noopener">confirmed</a> that “Zscaler has been breached,” linking the attack to the IntelBroker claim. Cybersecurity news platform BleepingComputer also said it had seen a screenshot of the threat actor claiming it was Zscaler in the Breach Forums shoutbox.</p>
<p>Breach Forums is a <a href="https://www.csoonline.com/article/2091966/sensitive-us-government-data-exposed-after-space-eyes-data-breach.html" target="_blank">revived version</a> of the cybercrime site Raid Forums, used by IntelBroker and the threat group the actor is affiliated with (CyberNiggers). IntelBroker is a prominent member of the group, specializing in initial access brokering, identifying and exploiting weaknesses in systems, and selling compromised access on the dark web. The hacker <a href="https://www.csoonline.com/article/2091966/sensitive-us-government-data-exposed-after-space-eyes-data-breach.html" target="_blank">recently breached Space-Eyes</a>, a geospatial intelligence firm catering exclusively to US government agencies. Previously, the threat actor has been linked to the breaches of <a href="https://socradar.io/dark-web-profile-cyberniggers/" target="_blank" rel="noreferrer noopener">the Colonial Pipeline</a>, <a href="https://www.hackread.com/intelbroker-us-national-security-data-contractor-acuity/#google_vignette" target="_blank" rel="noreferrer noopener">US Federal contractor Acuity</a>, and <a href="https://www.csoonline.com/article/1249233/ge-investigates-alleged-data-breach-into-confidential-projects-report.html" target="_blank">General Electric</a>.</p>
</div></div></div><category>Cyberattacks, Data Breach</category></div></body>
https://www.csoonline.com/article/209964...ttack.html