The cyber attack targeted CloudSEK after a threat actor gained access to its Confluence server using stolen credentials for one of its employees' Jira accounts.
The compromised information includes screenshots of product dashboards and three customers' names, access training and internal documents, Confluence pages, and open-source automation scripts attached to Jira.
They also exposed CloudSEK-related information, including usernames and passwords for accounts used to scrape the Breached and XSS hacking forums, instructions on how to use various website crawlers, as well as screenshots showing CloudSEK's database schema, CloudSEK's dashboard, and purchase orders.
The threat actor allegedly made $10,000 off of CloudSEK's purported database while making $8,000 off of the codebase and employee/engineering product documentation.
"id": "CLO827121222",
"linkid": "cloudsek",
"type": "Cyber Attack",
"date": "12/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"