Entrust Group, a US-based company that offers a wide range of security services to many organizations, has reportedly suffered a ransomware attack, in which the attackers have breached the company’s internal systems and stolen corporate data.
Entrust provides identity-based security software and services in the areas of public key infrastructure (PKI), multi-factor authentication, Secure Socket Layer certificates, fraud detection, digital certificates, and mobile authentication. The company provides security services to multiple US government agencies, such as the Department of Homeland Security, the Department of Energy, the Department of the Treasury, the Department of Health & Human Services, the Department of Veterans Affairs, the Department of Agriculture, and many others.
According to a security notice Entrust sent to its customers and shared online by the security researcher Dominic Alvieri, the incident took place on June 18. So far, there has been no evidence that the attack affected the operation or security of the company’s products and services, Entrust CEO Todd Wilkinson said.
The security notice confirms that data was stolen from Entrust's internal systems, but doesn’t provide additional information about what data the hackers got access to.
AdvIntel CEO Vitali Kremez told the tech news website BleepingComputer that a well-known ransomware gang was behind the intrusion. He said that the ransomware group breached Entrust’s internal systems using compromised credentials they purchased from network access sellers.
“The responsible group operation relied on the trusted network of network access sellers to obtain initial access to Entrust environment which led to the subsequent encryption and exfiltration exposure via a known ransomware group,” Kremez said.
Currently, it’s not clear what ransomware operation is responsible for this attack.