25 July 2022

Digital security giant Entrust hit with ransomware


Digital security giant Entrust hit with ransomware

Entrust Group, a US-based company that offers a wide range of security services to many organizations, has reportedly suffered a ransomware attack, in which the attackers have breached the company’s internal systems and stolen corporate data.

Entrust provides identity-based security software and services in the areas of public key infrastructure (PKI), multi-factor authentication, Secure Socket Layer certificates, fraud detection, digital certificates, and mobile authentication. The company provides security services to multiple US government agencies, such as the Department of Homeland Security, the Department of Energy, the Department of the Treasury, the Department of Health & Human Services, the Department of Veterans Affairs, the Department of Agriculture, and many others.

According to a security notice Entrust sent to its customers and shared online by the security researcher Dominic Alvieri, the incident took place on June 18. So far, there has been no evidence that the attack affected the operation or security of the company’s products and services, Entrust CEO Todd Wilkinson said.

The security notice confirms that data was stolen from Entrust's internal systems, but doesn’t provide additional information about what data the hackers got access to.

AdvIntel CEO Vitali Kremez told the tech news website BleepingComputer that a well-known ransomware gang was behind the intrusion. He said that the ransomware group breached Entrust’s internal systems using compromised credentials they purchased from network access sellers.

“The responsible group operation relied on the trusted network of network access sellers to obtain initial access to Entrust environment which led to the subsequent encryption and exfiltration exposure via a known ransomware group,” Kremez said.

Currently, it’s not clear what ransomware operation is responsible for this attack.

Back to the list

Latest Posts

Pro-Ukraine cybercriminal forum offers DDoS attacks against orgs in Russia, Belarus

Pro-Ukraine cybercriminal forum offers DDoS attacks against orgs in Russia, Belarus

It seems that DUMPS Forum's primary focus is to support the Ukrainian war effort against Russia.
11 August 2022
Exploit code published online for a critical VMware vulnerability

Exploit code published online for a critical VMware vulnerability

A proof-of-concept code for the vulnerability along with technical analysis has been published by a security researcher.
10 August 2022
Cloudflare employees also targeted by SMS phishing attack

Cloudflare employees also targeted by SMS phishing attack

The company says that the attack occurred around the same time as Twilio was attacked and was similar in nature.
10 August 2022