Pilfered Jira credentials leveraged in HellCat ransomware attacks

Hackread reports that four U.S. and European companies have been compromised by the HellCat ransomware-as-a-service operation in attacks that used Atlassian Jira credentials harvested by information-stealing malware. The infostealers Lumma Stealer, Raccoon, Redline, and StealC facilitated the theft of credentials that were later used to steal data from Jira systems belonging to U.S. scholarly publishing service provider HighWire Press, U.S. customer communications tech firm Racami, leading Polish IT solutions company Asseco Poland, and Swedish online gaming firm LeoVegas Group, according to an analysis from Hudson Rock. HellCat has already used the same technique in intrusions against Ascom, Jaguar Land Rover, Schneider Electric, Telefónica, and Orange Group, among others. HellCat's persistent targeting of vulnerable Jira systems with infostealer-pilfered credentials should prompt organizations to watch for any compromised credentials and to bolster the defenses of their Jira instances through access restrictions, multi-factor authentication, and network segmentation, the researchers said.
