Why the latest cyber attack singled out security firms Checkmarx and Bitwarden



“Current evidence indicates that this information came from Checkmarx’s GitHub repositories, and that access to the site was enabled during the first attack on March 23, 2023,” Checkmarx said on Monday. The company did not say what types of data were released.

Checkmarx is not the only security company suffering from the effects of the Trivy breach. Socket said that another security company, Bitwarden, was also involved in the same attack. Socket ties the Bitwarden breach to the Trivy campaign because the payload used the same C2 and its base as the Checkmarx malware.

The Trivy attack was carried out by a group calling itself TeamPCP. The group is among the most successful brokers, hackers who hack victims, steal their information and then sell it to other hackers. The key to its rise is targeting tools that already have access to it.

In the case of Checkmarx, it appears that TeamPCP sold the access information to Lapsus$, an organized ransom group made up especially of young people that is best known for its ability to break into big companies, and for its sarcasm and braggadocio after winning.

The incident shows the negative consequences that a breach can have. With both Checkmarx and Bitwarden affected, it is possible that there will be new threats to their customers or partners, and that more and more disruptions may result from this. Socket CEO Feross Aboukhadijeh said in an email that security companies are being targeted because of their close proximity to sensitive data and their pervasiveness on the Internet.

“You’ll see these same threads throughout the process,” Aboukhadijeh said. “Criminals are seeing security tools as a target and a delivery system. They’re attacking things that are supposed to protect the chain, then they’re using those things to steal information and move it to someone else.”


