An entity identified as ‘dawnofdevil’ has reportedly publicized the illicit offering of unauthorized VPN access to Darwinbox Digital Solutions Pvt Ltd, an India-based cloud human capital management (HCM) software firm, on the nuovo BreachForums.
The threat actor asserts that a cyberattack on Darwinbox compromised VPN credentials that hold the capability to infiltrate crucial systems, including Gitlab, Jira, Jenkins, and Confluence.
The disclosure of this potential cyberattack on Darwinbox unfolded as ‘dawnofdevil’ detailed the unauthorized access on the notorious BreachForums, a platform known for facilitating such clandestine transactions.
It is noteworthy that the forum post lacks concrete evidence to validate the claims made by ‘dawnofdevil.’ Despite the absence of substantiating proof, the threat actor has affixed a price tag of US$2,000 to the compromised access.
The Cyber Express Team has initiated contact with official representatives to verify the alleged cyberattack on Darwinbox. As of now, a response from the officials is pending.
A curious point of observation is that, at the time of reporting, the official Darwinbox website remains fully accessible, casting doubt on the legitimacy of the cyberattack claims.
Whether this is a strategic move for attention or conceals a different motive will only be clarified once an official response is issued by the concerned team on the Darwinbox cyberattack.
Cyberattack on Darwinbox: Impact and Wider Ramifications
The potential cyberattack poses a substantial risk to Darwinbox, a company specializing in cloud-based human capital management solutions. If the compromised VPN access is valid, it could potentially grant unauthorized entry to pivotal systems crucial for the company’s day-to-day operations.
Gitlab, Jira, Jenkins, and Confluence serve as indispensable tools for software development, project management, and internal collaboration within the organization. Unauthorized access could lead to data theft, manipulation, or even disruption of essential services.
Furthermore, the repercussions of this security threat extend beyond Darwinbox Digital Solutions Pvt Ltd, impacting the broader cybersecurity landscape in India. As a company operating within the Asia & Pacific (APAC) region, the compromise raises concerns about the overall security posture of organizations in this geographical area.
‘dawnofdevil’ Prior Claims
Before this incident, during the first week of December, ‘dawnofdevil’ claimed to have breached the security of the Income Tax Department of India, alleging access to an email account hosted on the incometax.gov.in domain.
The actor asserted that the compromised email could be exploited for registrations on various Indian government-affiliated websites using the ‘gov.in’ top-level domain, attaching a price tag of US$500 to the unauthorized access. However, this claim is yet to be verified.
Cybersecurity Imperative
This series of cyber threats highlights the critical need for organizations to adopt proactive cybersecurity measures. Continuous assessment and reinforcement of security protocols are imperative for safeguarding against evolving threats.
Organizations are urged to stay vigilant, update their security measures regularly, and collaborate with industry experts to mitigate risks and protect sensitive information.
The aftermath of these incidents is likely to stimulate a broader discourse on cybersecurity in the APAC region and emphasize the global necessity for robust measures against such evolving threats.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.