Hackers Contacted Cybersecurity Firm CEO’s Son, Wife in Extortion Attempt

Hackers stole contracts from cybersecurity firm Dragos Inc. as part of an extortion attempt that included contacting the chief executive officer’s wife and 5-year-old son, according to a company blog post, documents provided by the suspected hackers and interviews.

(Bloomberg) — Hackers stole contracts from cybersecurity firm Dragos Inc. as part of an extortion attempt that included contacting the chief executive officer’s wife and 5-year-old son, according to a company blog post, documents provided by the suspected hackers and interviews. 

The firm didn’t pay the hackers, who gained access to internal documents after breaching the personal email account of a newly hired Dragos sales employee, CEO Robert M. Lee told Bloomberg News in an interview. 

Dragos specializes in providing cybersecurity services for industrial control systems such as power grids, water treatment plants and pipelines. 

As part of the extortion attempt, the hackers called Lee’s son on a phone the child used to communicate with his grandmother, Lee said. The boy handed the phone to his mother, who hung up, Lee said. The hackers called Lee’s wife in a separate call, he said.

The attack occurred on May 8 when a “known criminal group attempted and failed at an extortion scheme against Dragos,” according to the blog. Dragos didn’t identify the hackers.

“The criminal group gained access by compromising the personal email address of a new sales employee prior to their start date, and subsequently used their personal information to impersonate the Dragos employee and accomplish initial steps in the employee onboarding process,” the blog said. The hackers accessed resources a new sales employee typically uses, including intranet software and the Dragos contract management system.

“In one instance, a report with IP addresses associated with a customer was accessed, and we’ve reached out to the customer,” the company said in the blog, which added that Dragos prevented the hackers from deploying ransomware, believed to be the primary goal, and further infiltrating the company’s network.

The hackers also contacted other company executives on WhatsApp, and those employees didn’t engage, according to Lee and the blog post. As part of an effort to increase pressure on hacking victims, cybercriminals have been contacting company executives and occasionally family members to increase the pressure to pay an extortion fee, cybersecurity officials have said.  

Bloomberg News contacted a hacker via Telegram who claimed credit for the attack and described it as opportunistic. The hacker denied contacting Lee’s son but acknowledged reaching out to his wife. The hacker claimed to have stolen 130 gigabytes worth of files from the company. Stealing documents and extorting company executives has become an increasingly common tactic among criminal hacker groups, sometimes in coordination with deploying ransomware. 

The hacker provided Bloomberg with a copy of a contract between Dragos and the 67th Cyberspace Wing of the US Air Force outlining a research and development agreement. The six-page document outlines an agreement for Dragos to receive network information regarding the Department of Defense’s industrial control system environment. Lee confirmed that the contract was legitimate. A spokesperson for the 67th Cyberspace Wing declined to comment. 

Dragos said it added an additional verification step “to further harden our onboarding process and ensure that this technique cannot be repeated.” 

 

(Updates with no comment from 67th Cyberspace Wing)

More stories like this are available on bloomberg.com

©2023 Bloomberg L.P.