LastPass completed its investigation into the first incident with assistance from Mandiant. The company said the threat actor was inside its development system for four days and that it contained the breach. “There is no evidence of any threat actor activity beyond the established timeline,” Toubba said in the updated blog post. “We can also confirm that there is no evidence that this incident involved any access to customer data or encrypted password vaults.”

Third-party VPN services allowed the threat actor to obscure their location, impersonate the software engineer and access and maintain a dedicated connection to the cloud-based development environment via corporate VPN. LastPass describes this as a “tailgate” approach that relied on the software engineer’s successful authentication with domain credentials and MFA. “No privilege escalation was identified or required,” the company said in its incident report.

The threat actor also performed anti-forensic activity, and an operating system upgrade on the software engineer’s corporate laptop scheduled during the four-day period overwrote logs and system artifacts.