According to its own information, the IT security service provider Entrust was the victim of a cyber attack. Specific effects for customers are currently unknown.
The US IT security service provider Entrust has fallen victim to a cyber attack. Attackers gained access to the corporate network and copied internal data. The attack happened last month. The company recently informed its customers about this in a letter published on Twitter. Bleeping Computer reports on this.
Internal systems accessed
According to the report, unauthorized persons gained access to the Entrust corporate network on June 18 and obtained data from the internal systems. It was not until July 6 that Entrust wrote to its customers and informed them of the incident. In the letter, which IT security specialist Dominic Alvieri published on Twitter on Thursday, Entrust President and CEO Todd Wilkinson reports that intruders have gained access to systems used for internal operations. The investigating authorities have already been informed and are working with a special company to investigate the incident.
At this point in time – i.e. on July 6 – there are no indications that unauthorized access to the Entrust network is still taking place. “Some files” are affected. Individual customers will be contacted if their safety is affected by the incident. In addition, according to the current state of knowledge, the operation and security of the IT systems for the Entrust services are not affected. Entrust confirmed to Bleeping Computer that these systems are operated in isolation at another location and are fully operational.
Entrust does not go into detail in the letter to its customers or to Bleeping Computer as to which data could have been copied and who was behind the attack. However, a well-known ransomware group is said to be behind it, but it is unknown whether local data was also encrypted after access in order to blackmail Entrust. The ransomware group may have obtained compromised access data from Entrust employees and gained access to the internal network, suspects security specialist Vitali Kremez.
The global company Entrust specializes in IT security services: identity management, secure infrastructure, PKI and cryptography. It also has a branch in Germany. Among other things, Entrust works with a number of US authorities and is active in critical areas such as identity verification and payment transactions. Because Entrust does not provide any information about which data the attackers had access to, the possible impact on the customer’s infrastructure cannot yet be foreseen.
