CloudSEK, an Indian cybersecurity company, claims that a threat actor gained entry to Confluence using credentials stolen from one of its Jira accounts.
CloudSEK claims that the attackers did not compromise its databases. However, some internal information was stolen from Confluence’s wiki. This included screenshots of product dashboards, three customer names, and order details.
“We are looking into a cyberattack on CloudSEK. A Jira password for an employee was used to gain access to the Confluence pages by someone else,” Rahul Sasi, CEO and founder of the company, stated on Tuesday.
Instead, the threat actor could use the stolen Jira credentials to access Jira training, documents and Confluence pages.
CloudSEK network access claimed by threat actor
Sedut, a threat actor, is trying to get access to CloudSEK’s codebase, network and Xvigil.
Images containing CloudSEK information were also released by the hackers. These images included usernames and passwords of accounts that they used to hack into Breached or XSS forums, instructions on using various website crawlers, and screenshots showing CloudSEK’s database schema and the CloudSEK dashboard. They even had purchase orders.
CloudSEK’s alleged database is being sold by a threat actor for $10,000, and the codebase and engineering product documentation for $8,000 each.
Sasi said on Wednesday that all screenshots and purported accesses of the threat actor could be traced back to Jira tickets or internal Confluence pages.
“Even screenshots of ElasticDB and MySQL schema are taken from training documents on JIRA/Confluence.”
The main suspect is an unnamed cybersecurity company
CloudSEK already has a tighter circle of suspects, and Sasi updated his blog post to claim that another cybersecurity company, known for monitoring dark web developments, might be responsible.
The CloudSEK CEO says, “We suspect that a notorious Cyber Security firm is behind this attack.
The attack and indicators point back to an attacker who has a history of similar tactics that we’ve seen in the past.”
BleepingComputer reached out to CloudSEK earlier today in an effort to get more information; however, a spokesperson for the company declined to provide additional details about the identity of the cybersecurity firm that is suspected of the CloudSEK attack.
A spokesperson for CloudSEK said on Wednesday that the company made the announcement on BleepingComputer “immediately we learned of a targeted attack against CloudSEK.”