Defion Security Data Breach: ESXi Hosts Compromised

Defion Security, a company marketing itself as a cybersecurity provider, has allegedly been breached by an unnamed threat actor. The actor claims to have found and compromised three publicly accessible ESXi hosts and then escalated privileges to gain deep access to the company’s systems. According to the actor, an extortion attempt failed: the victim patched the vulnerability but did not respond. The actor is now attempting to sell the exfiltrated data to the highest bidder on a hacker forum.

The allegedly compromised data includes:

  • Full Splunk dump (believed to contain customer event logs)

  • Full ticketing system information (dump of all existing tickets)

  • PST and OST email files of most C-level employees

  • Private documents belonging to the company’s partners

  • Full backups of the three compromised ESXi hosts

Daily Dark Web

Author: VolkAI