Rise of cyberattacks targeting reputations
Cybercriminals are expanding their tactics beyond ransomware. They are now manipulating narratives and deploying disinformation. This strategy aims to destabilise organisations and tarnish reputations.
Take the recent case involving a leading insurance firm. A typical data breach? Not quite. This one goes much deeper. It’s not just a story of stolen data but a calculated attempt to destroy the career of the company’s CISO. And in doing so, it highlights the terrifying reality of how cyberattacks have evolved.
In this case, a hacker going by the name “xenZen” didn’t just breach the insurance company’s system. With a fabricated email, xenZen also tried to convince the world that the CISO was in on it, that they had willingly handed over sensitive data. The accusation sparked headlines, and the story began to spiral. But it wasn’t true.
The real story
On September 20, our research team at CloudSek detected that xenZen had posted an offer to sell 7TB of customer data stolen from the insurance firm. That’s 31 million people’s personal information, including their names, addresses, and health records, up for grabs on the dark web. The breach itself was very real, and its scale was massive.
But when the hacker claimed that the CISO had leaked the data, we knew something was off.
Our investigation exposed that the supposed “proof” of the CISO’s involvement was fabricated. xenZen had doctored an email using a simple trick: opening the message in a browser and editing the rendered HTML through the developer tools’ “inspect element” function. That changes only what the browser displays, so a screenshot of the edited page looks genuine while no such message ever existed on the mail server. It was an easy way to make it look like the CISO had sent sensitive information, but it was a complete forgery.
The credentials that xenZen claimed to have received from the CISO? They were part of a separate credential breach already floating around on the dark web. The hacker found these credentials and used them to exploit a vulnerability in the company’s system.
Exploiting a technical flaw
Once xenZen had the stolen credentials, he didn’t need insider help to access the company’s database. He exploited an Insecure Direct Object Reference (IDOR) vulnerability in the company’s API, a type of security flaw in which the application authenticates a request but never checks that the caller is authorised for the specific record requested, so an attacker with any valid login can pull other people’s data simply by changing the identifier in the URL. In this case, the flaw gave the hacker access to 7TB of customer information, and because every request looked like ordinary authenticated traffic, he could steal the data without raising any red flags.
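The following is an added example, not CloudSek’s code or the insurer’s actual API: a minimal in-memory customer-records endpoint with the IDOR pattern described above, the hardened version that authorises the object rather than only the session, the enumeration an attacker runs with a single leaked login, and a log check for that enumeration pattern. The records, session tokens, paths and log lines are all constructed for illustration and are not from the incident.

```python
"""Added example (not CloudSek's code or the insurer's API): a minimal
in-memory customer-records API showing the IDOR pattern, its fix, and a log
check for the enumeration such a flaw invites. All records, tokens and log
lines below are constructed for illustration."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

# Constructed data store: record IDs are sequential integers, as is common
# in APIs where IDOR is found.
CUSTOMERS = {
    1001: {"owner": "alice", "name": "Alice A.", "policy": "HLTH-0001"},
    1002: {"owner": "bob",   "name": "Bob B.",   "policy": "HLTH-0002"},
    1003: {"owner": "carol", "name": "Carol C.", "policy": "HLTH-0003"},
}

# Constructed session tokens -> authenticated user. "tok-leaked" stands in
# for a session opened with credentials that were already leaked elsewhere.
SESSIONS = {"tok-alice": "alice", "tok-leaked": "bob"}


@dataclass
class Response:
    status: int
    body: dict | None = None


def authenticate(token: str) -> str | None:
    return SESSIONS.get(token)


def get_customer_vulnerable(token: str, customer_id: int) -> Response:
    """IDOR: authenticates the caller, then returns whatever record the
    caller asked for. Any valid session can read every customer."""
    user = authenticate(token)
    if user is None:
        return Response(401)
    record = CUSTOMERS.get(customer_id)
    if record is None:
        return Response(404)
    return Response(200, record)


def get_customer_hardened(token: str, customer_id: int) -> Response:
    """Fix: authorise the object, not just the session. The record is
    returned only if it belongs to the authenticated user; a foreign ID gets
    the same 404 as a nonexistent one so the endpoint does not reveal which
    IDs exist."""
    user = authenticate(token)
    if user is None:
        return Response(401)
    record = CUSTOMERS.get(customer_id)
    if record is None or record["owner"] != user:
        return Response(404)
    return Response(200, record)


def enumerate_records(handler, token: str, id_range) -> list[int]:
    """What an attacker with one working token does: walk the ID space and
    keep every ID that returns 200. Each request is a normal authenticated
    call, which is why this raises no red flags on its own."""
    return [cid for cid in id_range if handler(token, cid).status == 200]


# Constructed access-log lines: <token> <method> <path> <status>
SAMPLE_LOG = """\
tok-alice GET /api/customers/1001 200
tok-leaked GET /api/customers/1001 200
tok-leaked GET /api/customers/1002 200
tok-leaked GET /api/customers/1003 200
tok-leaked GET /api/customers/1004 404
tok-leaked GET /api/customers/1005 404
"""


def flag_enumeration(log_text: str, threshold: int = 3) -> dict[str, int]:
    """Detection logic for the pattern above: count distinct customer IDs
    requested per session token (hits and misses alike) and flag any token
    at or above `threshold`. A genuine customer session touches its own
    record, not a run of consecutive IDs."""
    seen: dict[str, set[int]] = defaultdict(set)
    for line in log_text.splitlines():
        token, _method, path, _status = line.split()
        if path.startswith("/api/customers/"):
            seen[token].add(int(path.rsplit("/", 1)[1]))
    return {tok: len(ids) for tok, ids in seen.items() if len(ids) >= threshold}


if __name__ == "__main__":
    ids = range(1000, 1010)
    print("vulnerable:", enumerate_records(get_customer_vulnerable, "tok-leaked", ids))
    print("hardened:  ", enumerate_records(get_customer_hardened, "tok-leaked", ids))
    print("flagged:   ", flag_enumeration(SAMPLE_LOG))
```

The hardened handler deliberately returns 404 for both missing and foreign records; returning 403 for foreign ones would let an attacker map the valid ID space even without reading the data. The log check is the detection side of the same flaw: an IDOR leaves no failed logins or exploit signatures, so the only signal is one identity touching far more objects than its role should.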
But here’s the critical part—this was never about insider collusion. xenZen’s real goal was far more malicious. He didn’t just want the data; he wanted to destroy the reputation of the person responsible for protecting it.
In this case, we discovered that xenZen had a history of targeting Indian organisations, and his actions seemed to have a geopolitical angle.
Rahul Sasi is CEO & co-founder of CloudSek