Sisense, a business analytics software company whose clients include some of the biggest names in business, recently suffered a breach, prompting U.S. cybersecurity officials to issue a warning Thursday alerting its customers to the issue.
Details of the attack are not yet clear, but the breach exposed hundreds of Sisense customers to supply chain attacks and may have given the attackers a door into the company's customer networks, people familiar with the investigation told CyberScoop.
It is also not yet clear how many companies are at risk, whether the attackers had access to Sisense's customer networks, and who carried out the attack.
The Cybersecurity and Infrastructure Security Agency said in an advisory Thursday that it is “working with private industry partners to respond to recent breaches discovered by independent security researchers affecting Sisense.”
The alert advises Sisense customers to reset credentials that “may have been exposed to or used to access Sisense services” and encourages them to report to CISA any suspicious activity related to those credentials.
In an email alert sent to Sisense customers late Wednesday, seen by CyberScoop, the company said it was aware of reports that certain Sisense company information may have been disclosed on a restricted-access server (not generally available on the Internet).
The warning urges customers to “promptly rotate the credentials used within Sisense applications.”
Sisense did not respond to multiple requests for comment Wednesday.
According to the company's website, Sisense is used by more than 2,000 companies worldwide in finance, healthcare, retail, manufacturing, media and entertainment, marketing, and technology. The company's customers include Verizon, Air Canada, and Nasdaq, but there is no evidence yet that their networks were exposed in this attack.
Targeting software-as-a-service platforms is a tactic used both in state-sponsored operations and in criminal, financially motivated attacks.
For example, in a 2023 operation linked to North Korea, the video conferencing and online communications platform 3CX was compromised after one of its employees downloaded a compromised version of the financial trading software X_Trader. In another example from 2023, attackers using the CL0P ransomware variant targeted vulnerabilities in the MOVEit file transfer software, ultimately compromising thousands of companies and possibly obtaining data from tens of millions of people.
In another example, attackers associated with a loosely defined cybercrime ecosystem known as Scattered Spider abused access to the authentication platform Okta and customer credentials to target multiple international companies, including MGM Resorts and Caesars Entertainment.