Cloud cyber security company Zscaler has taken one of its systems offline after rumours of a cyber attack on the company spread online.
The company first noted on 8 May that a threat actor had claimed, on X (formerly Twitter), to have exfiltrated data without authorisation.
🚨#BREAKING🚨 Notorious threat actor, @InteIBroker, is selling access to a large Cybersecurity company. Price: $20,000. Details below. #DarkWebInformer #DarkWeb #Cybersecurity #Cyberattack #Cybercrime #Infosec #CTI
Revenue: $1.8 Billion
Access includes:
- Confidential and highly… pic.twitter.com/i9Vfq10ET0
— Dark Web Informer (@DarkWebInformer) May 8, 2024
The threat actor in question was the notorious IntelBroker, who posted on BreachForums that he was selling access to a “large Cybersecurity company” for US$20,000.
According to the post, access includes:
“- Confidential and highly critical logs packed with credentials
“- SMTP Access
“- PAuth Pointer Auth Access
“- SSL Passkeys & SSL Certificates
“- some others (will be on contact).”
IntelBroker added that Zscaler’s annual revenue was US$1.8 billion.
On news of the incident, Zscaler posted a security update announcing that it was launching an investigation.
“There is an ongoing investigation we initiated immediately after learning about the claims. We take every potential threat and claim very seriously and will continue our rigorous investigation,” the company wrote, despite initially dismissing the claims.
As part of the investigation, Zscaler said it discovered an “isolated test environment on a single server (without any customer data) which was exposed to the internet”, which was promptly taken down.
“The test environment was not hosted on Zscaler infrastructure and had no connectivity to Zscaler’s environments,” it said.
The company added that it was able to confirm that its customer, production and corporate environments suffered no impact as a result of the incident. The next day, it also engaged a “reputable incident response firm”.
Additionally, as reported by CSO Online, a Zscaler employee said the claims of the attack were “completely inaccurate and unfounded”.
“We regularly see attempted attacks and rumours circulating, but it is crucial to rely only on official communications from Zscaler itself to get factual updates and information,” the employee said.
That being said, a number of users on X claim that the breach is confirmed, including @DarkWebInformer, who has a reputation for sharing information on breaches.
Additionally, another user by the name of James H (@milkshakesbot) said he had seen IntelBroker discussing the breach in shoutbox, confirming that IntelBroker’s post was referring to Zscaler.
It's now confirmed. 🙏 Caught him talking about this in shoutbox. https://t.co/cx6BJlumiY
— James H (@milkshakesbot) May 8, 2024
This is a developing story. Cyber Daily will provide an update as new information is discovered.