Hit but not sunk. The digital services company Econocom is offering reassurance, ten days after the cybercriminal gangs GhostSec and Stormy claimed to have hacked its data. The two groups had announced about ten days ago that they had obtained 70 gigabytes of data, including passwords, internal documents and private correspondence. The hack was an embarrassment for the company, which itself offers cybersecurity solutions in its range of services.
But in two detailed situation updates published on Monday, August 28 and Thursday, August 24, Econocom, which was to file a complaint, considers the impact of this malicious act to be “limited”. The company remains cautious, however, because its full diagnosis will only be completed in a few days.
The company has nonetheless clearly identified the source of the stolen data. It reportedly comes from a service provider working for a few clients in France. “To date, the most plausible lead is that the service provider has been compromised and that the data has been exfiltrated from its infrastructure,” Econocom explains.
More precisely, a workstation at this provider, an organization that has not been named, was evidently infiltrated by the hackers. It was an interesting target for them: the person had access, via the virtual private network, to an Econocom resource. Those rights have since been revoked.
Two shares compromised
According to the internal investigation, the GhostSec and Stormy hackers managed in this way to steal data stored on two SharePoint shares for individual use, created via the Teams collaboration tool. This data was not very sensitive, however, with the exception of one person's private data and the connection data of technical accounts.
The Econocom service provider was not the only target, however. A little later, last Friday, the client’s experts found the trace of a similar attack on one of its servers, although this time it did not result in data theft. “The investigations carried out during the night from Friday to Saturday have demonstrated that the security measures in place have made it possible to prevent any information leakage or compromise by this route,” the company specifies.