DevOps platform CircleCI said Friday that unidentified attackers compromised employee laptops, used malware to steal credentials backed by two-factor authentication, and compromised the company’s systems and data last month. made it clear.
CI/CD service CircleCI said a “sophisticated attack” occurred on December 16, 2022, and the malware was not detected by the company’s antivirus software.
CircleCI Chief Technology Officer Rob Zuber said: Said in the incident report.
Further analysis of the security blunders revealed that an unauthorized third party had stolen data from a subset of the database by abusing the elevated privileges granted to the targeted employee. This contained the customer’s environment variables, tokens, and keys.
The threat actor is believed to have conducted reconnaissance activities on December 19, 2022, followed by data exfiltration steps on December 22, 2022.
“Although all the stolen data was encrypted at rest, a third party could have extracted the encryption key from the running process and could have accessed the encrypted data,” Zuber said. said.
This development comes just over a week after CircleCI urged customers to rotate all secrets after being warned by one of their customers about “suspicious GitHub OAuth activity” on December 29, 2022. rice field.
Upon learning that a customer’s OAuth tokens had been compromised, the company said it took proactive steps to rotate all GitHub OAuth tokens, and worked with Atlassian to rotate all Bitbucket tokens and project API tokens. and revoked personal API tokens and notified customers. of AWS tokens that may be affected.
CircleCI says it’s incorporating more authentication guardrails to not only limit access to production environments, but to prevent unauthorized access even if credentials are stolen.
In addition, we are introducing options for users to “adopt the latest and most advanced security features available” and all customers will be asked to implement regular automatic OAuth token rotation to prevent such attacks in the future. I am planning to start.