Password management software firm LastPass recently admitted that one of its DevOps engineers had their personal home computer hacked and implanted with keylogging malware as part of a sustained cyberattack. This attack was conducted in two stages, according to LastPass’s announcement. The first incident, which occurred in August 2022, saw the threat actor pivot to a new series of reconnaissance, enumeration, and exfiltration activities that culminated in the second incident, where the threat actor was able to access sensitive corporate data.
To gain access, the attacker exploited a remote code execution vulnerability in a third-party media software package and planted keylogger malware on the employee’s personal computer. This malware allowed the attacker to capture the employee’s master password, which gave them access to the DevOps engineer’s LastPass corporate vault. From there, the attacker was able to export the native corporate vault entries and the content of shared folders.
The breach was initially reported by LastPass in August 2022, when they warned that portions of their source code had been stolen. However, it wasn’t until January 2023 that the company revealed the true extent of the breach, which included the theft of account usernames, salted and hashed passwords, multi-factor authentication settings, product settings and licensing information.
LastPass, which boasts more than 30 million users and 85,000 business customers worldwide, has since been working with incident response experts at Mandiant to investigate the incident. The company has released a note with additional details about the attack and has taken appropriate action to mitigate the risk associated with this breach.
In conclusion, LastPass’s recent breach is an example of how even the most secure companies can be targeted by sophisticated cyberattacks. To help protect against such security threats, organizations should ensure that they have robust security measures in place, such as strong authentication and password management systems.
Key Points:
• LastPass recently admitted that one of its DevOps engineers had their personal home computer hacked and implanted with keylogging malware as part of a sustained cyberattack.
• The breach was initially reported in August 2022, but the true extent of the breach wasn’t revealed until January 2023.
• LastPass has taken appropriate action to mitigate the risk associated with the breach, and is working with incident response experts at Mandiant to investigate the incident.
• Organizations should ensure that they have robust security measures in place, such as strong authentication and password management systems.