““There were no further exfiltration activities after Sept. The threat actor operated undetected by LastPass for almost three months as part of the second incident, which LastPass said spanned from Aug. But scenario 3 offers the possibility that maybe (just maybe) the threat actor isn't actually interested in leveraging the data they acquired - because their objective is already complete. I'm sure there are other possibilities out there. someone trying to embarrass/shame LastPass for poor security practices and/or other reasons: this is the one that makes the most sense to me personally based on the timeline and actions of the attacker.hackers trying to profit based off the data they accessed: the longer they maintain access, the more backups they could keep exfiltrating.They'd just stay in there quietly as long as they could, or make a quick exit if they got what they came after (info on specific users). state actor: doesn't sound like something they would do.
What does this potentially indicate about who the threat actor is? Some thoughts: In other words, it seems they almost wanted to be caught and have the magnitude of their breach known. why would they even want to change their role? They already got everything.and then seemed to loudly ring the alarm (on their way out?) by trying to use Cloud Identity and Access Management roles they didn’t have access to.as we all know, stole basically every last thing LastPass had to be stolen.stayed in there for a whole month longer than the last date of exfiltrated data (Sept 22 - Oct 26 = 34 days).was in LastPass's system for quite a while (Aug 12 - Oct 26 = 75 days).Based on this article (see also relevant excerpts below), the threat actor
0 kommentar(er)
