Security News > 2023 > May > Cybersecurity firm Dragos discloses cybersecurity incident, extortion attempt
While Dragos states that the threat actors did not breach its network or cybersecurity platform, they got access to the company's SharePoint cloud service and contract management system.
"On May 8, 2023, a known cybercriminal group attempted and failed at an extortion scheme against Dragos. No Dragos systems were breached, including anything related to the Dragos Platform," the company said.
After failing to breach the company's internal network, they sent an extortion email to Dragos executives 11 hours into the attack.
Five minutes after reading the extortion message, Dragos disabled the compromised sure account, revoked all active sessions, and blocked the cybercriminals' infrastructure from accessing company resources.
The cybercrime group also attempted to extort the company by threatening to publicly disclose the incident in messages sent via public contacts and personal emails belonging to Dragos executives, senior employees, and their family members.
"While the external incident response firm and Dragos analysts feel the event is contained, this is an ongoing investigation. The data that was lost and likely to be made public because we chose not to pay the extortion is regrettable," Dragos concluded.