The CISO of Acronis downplayed a recent intrusion, revealing that only one customer was impacted.
This week a threat actor who goes by the online moniker “kernelware” claimed the theft of data from technology firm Acronis and started leaking it on the cybercrime forum Breached Forums.
The threat actor is the same one who recently offered for sale data stolen from Taiwanese multinational hardware and electronics corporation Acer.
The Acronis leak contains multiple certificate files, command logs, system configurations, system information logs, filesystem archives, Python scripts for the company’s maria.db database, backup configuration stuff, screenshots of backup operations,
“Based on our investigation so far, the credentials used by a single specific customer to upload diagnostic data to Acronis support have been compromised. We are working with that customer and have suspended account access as we resolve the issue. We also shared IOCs with our industry partners and work with law enforcement,” said Acronis CEO Kevin Reed. “No other system or credential has been affected. There is no evidence of any other successful attack, nor is there any data in the leak that is not in the folder of that one customer. Our security team is obviously on high alert and the investigation continues.”
The company added that its products were not affected by the security breach and that it is not aware of vulnerabilities affecting its systems.
The threat actors compromised the single account after having obtained its login credentials.
Kernelware pointed out that although Acronis offers data protection services, “they have dogshit security with the slogan ‘All-in-one Cyber Protection’. Pretty ironic lol.” The threat actor shared a 12.2GB archive containing the stolen files.
Clearly, if the investigation confirms that only a single account has been compromised, there is no reason to believe that the company does not have a good security posture.
Much ado about nothing!