7 June 2021

Hackers reportedly breached Colonial Pipeline using compromised password


Hackers behind the ransomware attack on Colonial Pipeline that took down the US’ largest fuel pipeline and caused fuel shortages across the East Coast earlier this year were able to breach the pipeline operator’s network using a compromised password, Bloomberg reported.

The attack took place on April 29 and used an unprotected virtual private network account as the point of entry, Charles Carmakal, senior vice president at cybersecurity firm Mandiant, said. Initially, this VPN account was set up to allow Colonial Pipeline employees to access the network remotely. According to Carmakal, although the account was no longer in use, it was still active and accessible to the hackers. The VPN account, which has since been deactivated, didn’t use multi-factor authentication.

The password for that account was later discovered in a batch of leaked passwords on the dark web, suggesting that a Colonial employee may have used the same password on another account that was previously compromised. Carmakal said he isn’t certain that’s how the hackers obtained the password. It is also not clear how the hackers obtained the username for the account, or whether they were able to guess it on their own.

Last month, the Transportation Security Administration issued a new cybersecurity policy requiring pipeline operators to report cyberattacks to the government within 12 hours.

