Dive Brief:
- Dragos is once again the subject of an extortion attempt, this time from AlphV, also known as BlackCat, which claims to have breached the industrial cybersecurity specialist through a third-party hack.
- AlphV, linked to the high-profile social engineering attack against MGM Resorts in September, claims to have gained access to Dragos, according to a post on X, the site formerly known as Twitter, by security researcher Dominic Alvieri.
- The threat group gave Dragos 24 hours, which concluded Sunday, to respond to the extortion demands or else they would begin leaking data related to Dragos executives, according to NCC Group, which confirmed the extortion post to Cybersecurity Dive. Corvus Insurance researchers also confirmed the threat.
Dive Insight:
Dragos said it was aware of an “unsubstantiated claim” about an information breach via a third party.
“While security companies like Dragos are often the subject of repeated false claims, we take the responsibility to protect data very seriously and immediately began an investigation into the claims, utilizing our own internal experts and our external security providers,” a Dragos spokesperson told Cybersecurity Dive, via email, in response to queries.
The recent extortion attempt builds on an incident six months ago, when Dragos said it thwarted a different ransomware attack. In the May incident, the company was breached after a threat actor compromised the personal email account of a new employee and got into the SharePoint and contract management resources at Dragos.
Dragos at the time said it prevented the actor in the May attack from deploying ransomware.
Cybersecurity providers have often become the targets of ransomware actors looking to make a psychological impact through a high-profile extortion attempt or by bypassing the defenses of a professional cyber defense firm.
Okta systems and the company’s customers have been the target of a series of cyberattacks in recent months.
In the recent incident involving Dragos, the company said the threat actors have not contacted it, nor has the industrial security firm found any evidence that a Dragos system was compromised.
Dragos said it will continue to investigate and monitor the situation and bring in law enforcement as needed.