Security News > 2023 > January > Malware Attack on CircleCI Engineer's Laptop Leads to Recent Security Incident
DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee's laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company's systems and data last month.
The CI/CD service CircleCI said the "Sophisticated attack" took place on December 16, 2022, and that the malware went undetected by its antivirus software.
"The malware was able to execute session cookie theft, enabling them to impersonate the targeted employee in a remote location and then escalate access to a subset of our production systems," Rob Zuber, CircleCI's chief technology officer, said in an incident report.
The development comes a little over a week after CircleCI urged its customers to rotate all their secrets, which it said was necessitated after it was alerted to "Suspicious GitHub OAuth activity" by one of its customers on December 29, 2022.
Besides limiting access to production environments, CircleCI said it has incorporated more authentication guardrails to prevent illegitimate access even if the credentials are stolen.
It further plans to initiate periodic automatic OAuth token rotation for all customers to deter such attacks in the future, alongside introducing options for users to "Adopt the latest and most advanced security features available."
News URL
https://thehackernews.com/2023/01/malware-attack-on-circleci-engineers.html
Related news
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks (source)
- EDRSilencer red team tool used in attacks to bypass security (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- ISC2 Security Congress 2024: The Landscape of Nation-State Cyber Attacks (source)
- Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)