Summary
Key Points:
- LastPass confirmed a data breach resulting from the Klue supply chain attack, where hackers accessed customer data via stolen OAuth tokens.
- The incident primarily affected LastPass's Salesforce environment, but customer vaults remained secure. However, exposed data may be leveraged for phishing and social engineering attacks.
- Users are advised to be cautious of unsolicited communications and to avoid sharing their master passwords. LastPass has taken steps to mitigate the impact by disabling access to Klue and rotating exposed tokens.
Technical Details: The breach involved the Icarus extortion group exploiting compromised legacy credentials to access Klue's infrastructure, which allowed them to steal OAuth tokens linked to various third-party services, including Salesforce.
MITRE ATT&CK Techniques:
- T1078 - Valid Accounts (Defense Evasion)
- T1071.001 - Application Layer Protocol: Web Protocols (Command and Control)
IOCs Mentioned:
- Sender domains: baccarat.com.au, robinskitchen.com.au, house.com.au
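As an added example (not part of the original summary), the following Python triage helper checks the sender headers of mail messages against the IOC sender domains listed above. It goes slightly beyond the page by also flagging subdomains of the listed domains and by checking Return-Path as well as From, so that a spoofed display name does not hide a match. The messages are represented as plain dictionaries of header values (an assumption made for this example), and the sample messages are constructed, not real traffic.

```python
import email.utils

# Sender domains listed as IOCs in the summary above.
IOC_SENDER_DOMAINS = {"baccarat.com.au", "robinskitchen.com.au", "house.com.au"}


def sender_domain(header_value: str) -> str:
    """Return the normalised domain part of a From/Return-Path header value, or ''."""
    _, addr = email.utils.parseaddr(header_value)
    if "@" not in addr:
        return ""
    # Lower-case and strip a trailing dot so comparisons are case/format insensitive.
    return addr.rsplit("@", 1)[1].strip().rstrip(".").lower()


def matches_ioc(domain: str, iocs=IOC_SENDER_DOMAINS) -> bool:
    """True if domain is an IOC domain or a subdomain of one (suffix match on a label boundary)."""
    return any(domain == ioc or domain.endswith("." + ioc) for ioc in iocs)


def scan_messages(messages):
    """Return (message id, header name, domain) for every message whose From or
    Return-Path domain matches an IOC domain. Each message is a dict of headers
    plus an 'id' key (assumed representation for this example)."""
    hits = []
    for msg in messages:
        for header in ("From", "Return-Path"):
            domain = sender_domain(msg.get(header, ""))
            if domain and matches_ioc(domain):
                hits.append((msg["id"], header, domain))
                break  # one hit per message is enough for triage
    return hits


# Constructed sample messages for demonstration only.
SAMPLE_MESSAGES = [
    {"id": "m1", "From": "Robins Kitchen <noreply@mail.Robinskitchen.com.au>"},
    {"id": "m2", "From": "LastPass Support <support@lastpass.example>",
     "Return-Path": "<bounce@house.com.au>"},
    # Look-alike: the IOC domain is a prefix, not a suffix, so it must NOT match.
    {"id": "m3", "From": "Colleague <alice@house.com.au.evil.example>"},
    {"id": "m4", "From": "IT Desk <it@corp.example>"},
]

if __name__ == "__main__":
    for msg_id, header, domain in scan_messages(SAMPLE_MESSAGES):
        print(f"{msg_id}: {header} domain {domain} matches IOC list")
```

The suffix check is anchored on a label boundary ("." + IOC domain) so that a look-alike such as house.com.au.evil.example is not reported; a match on Return-Path alone (message m2) is the case where the visible From address looks unrelated to the IOC domains.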