Hackers involved in the cyberattack on the Colonial Pipeline system in the United States used a leaked VPN password.
Charles Carmakal, senior vice president of Mandiant, told Bloomberg about it. He was responsible for eliminating the attack. In his opinion, one of the employees used the same password for both the VPN and other services. The investigation found no signs of phishing.
Carmakal suggested that by the time of the attack the account was no longer in use by employees, but it could still provide access to the company's networks. The password for this account, according to the vice president, was found on the darknet. It is possible that the same combination was also valid for other company accounts that could have been hacked earlier.
The data was found among information leaked on the darknet. The account, which was deactivated after the attack, did not use multi-factor authentication.
Colonial Pipeline, the largest pipeline operator in the United States, was attacked by DarkSide ransomware on May 7. The attack caused the company to shut down some systems “to contain a threat that temporarily halted all pipeline operations and affected some information systems.”
The hack paralyzed the Colonial Pipeline system for several days. As Bloomberg reported, the company paid the hackers a ransom of about $5 million to regain access to its data.