On 8 May 2023, a known cybercriminal group attempted an extortion scheme against the Dragos industrial cybersecurity platform and failed.
The criminal group gained access by compromising a new sales employee's personal email address prior to their start date and subsequently impersonating them to perform the initial steps in the employee on-boarding process.
The attackers gained access to the company's SharePoint cloud service and contract management system, downloaded various resources and files, and even sent threatening emails to company executives.
Within minutes of the attack, the company investigated the alerts in its corporate security information and event management (SIEM) system and blocked the compromised account. It quickly activated its CrowdStrike incident response service and indicated that its security controls prevented the threat actor from deploying ransomware on its network.