Entrust, the digital security giant, recently confirmed that it had been struck by a targeted cyberattack. The hit involved threat operators breaching the security firm’s network and stealing data from its internal systems.

A specialist in identity and online trust management technology, Entrust offers a wide range of dedicated services, including secure communications and encrypted digital payments, along with ID issuance solutions. As a result, depending on the nature of the data exfiltrated by the attackers, the breach could affect several sensitive and critical organisations that use Entrust services for authentication and identity management.

Entities using Entrust include multiple US governmental agencies, such as the Department of Health & Human Services, the Department of Energy, the Department of the Treasury (DoT), the Department of Homeland Security (DHS), the Department of Veterans Affairs and the Department of Agriculture.

June network breach

Recent evidence suggests that the internal network of Entrust was first breached back in June and that corporate data was taken in the attack. However, the theft was not confirmed to the public until July 6, when a security notification was issued to Entrust's customers.

The notice was sent by Todd Wilkinson, CEO at Entrust, and explained:

“I am writing to let you know that on June 18, we learned that an unauthorized party accessed certain of our systems used for internal operations. We have been working tirelessly to remediate this situation since that moment. The first thing I want to tell you is that, although our investigation is ongoing, we have found no indication to date that the issue has affected the operation or security of our products and services.”

The notice also confirmed that the data was stolen from the internal systems retained by Entrust. However, at present it remains unknown whether these systems contain strictly corporate data or also information that belongs to vendors and customers.

The security notice also confirmed that files were removed from the system and that, as the investigation progresses, Entrust will keep customers up to date with its findings. It states that the company will contact customers directly if it learns of any developments that could impact the security of the services and products supplied to them by Entrust.

Analysis of an attack

According to Entrust, it is presently collaborating with a leading expert in cybersecurity and US law enforcement agencies to investigate the act of infiltration and the data taken. Despite this process, Entrust has confirmed that none of its ongoing operations have been impacted.

While no direct details have yet been revealed regarding the attack, computer help site Bleeping Computer recently uncovered that an infamous ransomware operation is behind the breach. At present, it is unclear if the company’s devices were encrypted in the attack. Malicious operators often steal data before launching their crypto-malware so that it can be used to pressure victims into paying through double-extortion schemes. If a company refuses to give in to a ransomware gang’s demands, the gang will threaten to make the sensitive data public online.