Zscaler hacked by IntelBroker

IntelBroker ‎claims‏ ‎to ‎have ‎breached ‎Zscaler ‎and‏ ‎sold ‎access‏ ‎to‏ ‎its ‎systems, ‎Zscaler‏ ‎maintains ‎that‏ ‎there ‎has ‎been ‎no‏ ‎compromise‏ ‎of ‎its‏ ‎main ‎environments‏ ‎and ‎that ‎only ‎an ‎isolated‏ ‎test‏ ‎environment ‎was‏ ‎affected. ‎The‏ ‎situation ‎continues ‎to ‎develop ‎as‏ ‎investigations‏ ‎proceed.

IntelBroker’s‏ ‎Claims:

📌IntelBroker, ‎a‏ ‎known ‎threat‏ ‎actor, ‎claimed‏ ‎to‏ ‎have ‎breached‏ ‎Zscaler’s ‎systems.

📌The ‎actor ‎allegedly ‎accessed‏ ‎confidential ‎logs‏ ‎packed‏ ‎with ‎credentials, ‎including‏ ‎SMTP ‎access,‏ ‎PAuth ‎access, ‎and ‎SSL‏ ‎passkeys‏ ‎and ‎certificates.

📌IntelBroker‏ ‎offered ‎to‏ ‎sell ‎this ‎access ‎for ‎$20,000‏ ‎in‏ ‎cryptocurrency.

Zscaler’s ‎Response‏ ‎and ‎Findings:

📌Zscaler‏ ‎has ‎consistently ‎denied ‎any ‎impact‏ ‎or‏ ‎compromise‏ ‎to ‎its‏ ‎customer, ‎production,‏ ‎and ‎corporate‏ ‎environments.

📌The‏ ‎company ‎acknowledged‏ ‎the ‎exposure ‎of ‎an ‎isolated‏ ‎test ‎environment‏ ‎on‏ ‎a ‎single ‎server,‏ ‎which ‎was‏ ‎not ‎connected ‎to ‎Zscaler’s‏ ‎infrastructure‏ ‎or ‎hosting‏ ‎any ‎customer‏ ‎data.

📌This ‎test ‎environment ‎was ‎exposed‏ ‎to‏ ‎the ‎internet‏ ‎and ‎subsequently‏ ‎taken ‎offline ‎for ‎forensic ‎analysis.

Investigative‏ ‎Measures:

📌Zscaler‏ ‎engaged‏ ‎a ‎reputable‏ ‎incident ‎response‏ ‎firm ‎to‏ ‎conduct‏ ‎an ‎independent‏ ‎investigation.

📌The ‎company ‎has ‎been ‎providing‏ ‎regular ‎updates,‏ ‎asserting‏ ‎the ‎security ‎of‏ ‎its ‎main‏ ‎operational ‎environments.

📌Zscaler ‎emphasized ‎that‏ ‎the‏ ‎exposure ‎of‏ ‎the ‎test‏ ‎environment ‎does ‎not ‎affect ‎the‏ ‎security‏ ‎of ‎its‏ ‎primary ‎systems‏ ‎and ‎data.

IntelBroker’s ‎Background ‎and ‎Credibility:

📌IntelBroker‏ ‎has‏ ‎a‏ ‎history ‎of‏ ‎making ‎bold‏ ‎claims ‎about‏ ‎breaches,‏ ‎including ‎previous‏ ‎allegations ‎against ‎high-profile ‎targets ‎like‏ ‎the ‎US‏ ‎State‏ ‎Department ‎and ‎various‏ ‎corporate ‎entities.

📌The‏ ‎threat ‎actor ‎is ‎also‏ ‎known‏ ‎for ‎previous‏ ‎breaches ‎involving‏ ‎companies ‎like ‎PandaBuy ‎and ‎HomeDepot,‏ ‎and‏ ‎claims ‎of‏ ‎stealing ‎data‏ ‎from ‎General ‎Electric.

Root ‎Cause ‎of‏ ‎the‏ ‎Alleged‏ ‎Hack:

📌The ‎root‏ ‎cause, ‎as‏ ‎claimed ‎by‏ ‎IntelBroker,‏ ‎centers ‎on‏ ‎the ‎exploitation ‎of ‎the ‎isolated‏ ‎test ‎environment‏ ‎that‏ ‎was ‎inadvertently ‎exposed‏ ‎to ‎the‏ ‎internet.

📌Zscaler’s ‎investigation ‎discovered ‎only‏ ‎this‏ ‎exposure, ‎which‏ ‎did ‎not‏ ‎involve ‎any ‎customer ‎data ‎or‏ ‎connection‏ ‎to ‎its‏ ‎main ‎infrastructure.

Contradictions‏ ‎and ‎Ongoing ‎Developments:

📌IntelBroker’s ‎assertion ‎that‏ ‎the‏ ‎access‏ ‎sold ‎was‏ ‎not ‎to‏ ‎a ‎testing‏ ‎environment‏ ‎contradicts ‎Zscaler’s‏ ‎findings.

📌Zscaler ‎maintains ‎that ‎there ‎has‏ ‎been ‎no‏ ‎compromise‏ ‎of ‎its ‎main‏ ‎systems ‎and‏ ‎has ‎taken ‎steps ‎to‏ ‎ensure‏ ‎the ‎continued‏ ‎security ‎of‏ ‎its ‎environments.