Attackers hit software firm Retool to get to crypto companies and assets
2023-09-14 15:02

Retool, the company behind the popular development platform for building internal business software, has suffered a breach that allowed attackers to access and take over accounts of 27 cloud customers, all in the crypto industry.

According to a CoinDesk report, one of the known victims is Fortress Trust, or more precisely four of its customers, who accessed their crypto funds via a portal built by Retool.

Spoofed to look like it was coming from the company's IT department, the goal was to make the targets log in to a fake Retool identity portal, at which point they would receive a phone call from the attacker.

"With these codes, the attacker gained access to our VPN, and crucially, our internal admin systems. This allowed them to run an account takeover attack on a specific set of customers," Kodesh noted, and added that the attacker also poked around some of the Retool apps - but didn't specify which ones.

Retool is working with law enforcement and a third-party forensics firm to investigate the breach in depth.

"Retool on-prem operates in a 'zero trust' environment, and doesn't trust Retool cloud. It is fully self-contained, and loads nothing from the cloud environment. This meant that although an attacker had access to Retool cloud, there was nothing they could do to affect on-premise customers," Kodesh noted.


News URL

https://www.helpnetsecurity.com/2023/09/14/retool-breach/