CircleCI Releases Post-Attack Incident Report as Core Enterprise Apps Rise in Popularity to Target

Bleeping Computer has posted an article discussing newly released information regarding the CircleCI data breach. This was prompted by CircleCI, a backbone service for many developers, releasing an incident report revealing the initial breach was caused by an engineer’s device becoming “infected with information-stealing malware that [stole] their 2FA-backed SSO session cookie” and allowed criminal actors to begin stealing data beginning December 22, 2022. This attack, among others, represents a new shift towards targeting core enterprise tools on the part of threat actors. Over the past year, identity applications (Okta, LastPass) and developer-focused applications (CircleCI, Slack, GitHub), categories that are critical elements for any organization’s network, have seen threat actors targeting their networks and source code. These attacks are part of a wider trend of threat actors targeting 2FA solutions, likely to prepare for later hacks that are capable of sidestepping an organization’s security entirely by attacking the third parties they depend on. Read more at Bleeping Computer.