25 July 2022

Digital security giant Entrust hit with ransomware


Digital security giant Entrust hit with ransomware

Entrust Group, a US-based company that offers a wide range of security services to many organizations, has reportedly suffered a ransomware attack, in which the attackers have breached the company’s internal systems and stolen corporate data.

Entrust provides identity-based security software and services in the areas of public key infrastructure (PKI), multi-factor authentication, Secure Socket Layer certificates, fraud detection, digital certificates, and mobile authentication. The company provides security services to multiple US government agencies, such as the Department of Homeland Security, the Department of Energy, the Department of the Treasury, the Department of Health & Human Services, the Department of Veterans Affairs, the Department of Agriculture, and many others.

According to a security notice Entrust sent to its customers and shared online by the security researcher Dominic Alvieri, the incident took place on June 18. So far, there has been no evidence that the attack affected the operation or security of the company’s products and services, Entrust CEO Todd Wilkinson said.

The security notice confirms that data was stolen from Entrust's internal systems, but doesn’t provide additional information about what data the hackers got access to.

AdvIntel CEO Vitali Kremez told the tech news website BleepingComputer that a well-known ransomware gang was behind the intrusion. He said that the ransomware group breached Entrust’s internal systems using compromised credentials they purchased from network access sellers.

“The responsible group operation relied on the trusted network of network access sellers to obtain initial access to Entrust environment which led to the subsequent encryption and exfiltration exposure via a known ransomware group,” Kremez said.

Currently, it’s not clear what ransomware operation is responsible for this attack.

Back to the list

Latest Posts

Cyber Security Week in Review: March 1, 2024

Cyber Security Week in Review: March 1, 2024

The world in brief: Russian cyberspies evolve to target cloud environments, North Korean hackers exploit Windows zero-day, and more.
1 March 2024
Ukrainian hacktivists share new details on production of Russian Orlan-10 drones

Ukrainian hacktivists share new details on production of Russian Orlan-10 drones

The data was obtained from hacked email correspondence from the Russian LLC “Special Technological Center.”
29 February 2024
North Korean Lazarus hackers abused recent Windows zero-day to obtain kernel-level access

North Korean Lazarus hackers abused recent Windows zero-day to obtain kernel-level access

Lazarus' shift to exploiting zero-day flaws represents a significant escalation from their previous methods.
29 February 2024