Scribd Logo
Upload

Welcome to Scribd!

  • Threat Intelligence Summary (Uber)

    Uploaded by

    reza maulidin
    21 views10 pages
    An unknown bad actor exploited multiple authentication methods to gain access to Uber's internal systems, stealing customer and source code data. The attacker used an MFA fatigue attack to access Uber's Slack, Google Workspace, AWS, HackerOne, SentinelOne, and vSphere accounts. An 18-year-old alleged hacker named "teapotuberhacker" is believed to be responsible for the breach.

    Original Description:

    Original Title

    Threat intelligence summary (uber).pptx

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    An unknown bad actor exploited multiple authentication methods to gain access to Uber's internal systems, stealing customer and source code data. The attacker used an MFA fatigue attack to access Uber's Slack, Google Workspace, AWS, HackerOne, SentinelOne, and vSphere accounts. An 18-year-old alleged hacker named "teapotuberhacker" is believed to be responsible for the breach.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    21 views10 pages

    Threat Intelligence Summary (Uber)

    Uploaded by

    reza maulidin
    An unknown bad actor exploited multiple authentication methods to gain access to Uber's internal systems, stealing customer and source code data. The attacker used an MFA fatigue attack to access Uber's Slack, Google Workspace, AWS, HackerOne, SentinelOne, and vSphere accounts. An 18-year-old alleged hacker named "teapotuberhacker" is believed to be responsible for the breach.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 10

    UBER DATA BREACH BY

    UNKNOWN BAD ACTOR


    SEPTEMBER 29, 2022
    Transportation Company
    WHATS HAPPEN?
    INCIDENT INFORMATION
    MFA FATIGUE ATTACK (CREDENTIAL ACCESS)

    Attacker got access:


     Slack account
     Google workspace admin
     AWS account
     HackerOne admin
     SentinelOne EDR
     Vsphere
     Financial Dashboard
    INCIDENT INFORMATION
    STOLE DATA (EXFILTRATION)

    Attacker got access:


     Customer data
     Source code
     More valuable aset
    WHO’S THE ACTOR?

    • Allegedly 18 years old Bad actor

    "teapotuberhacker"
    THANK YOU!
    REFERENCES

    • https://www.bleepingcomputer.com/news/security/mfa-fatigue-hackers-new-favorite-tactic-in-high-pro
    file-breaches
    /
    • https://socradar.io/hacker-breached-nearly-entire-uber-it-system/
    • https://attack.mitre.org/techniques/T1621/
    • https://securityaffairs.co/wordpress/135876/data-breach/uber-data-breach-update.html
    • https://
    portswigger.net/daily-swig/mfa-fatigue-attacks-users-tricked-into-allowing-device-access-due-to-overlo
    ad-of-push-notifications
    • https://www.darkreading.com/attacks-breaches/rockstar-games-confirms-grand-theft-auto-6-breach

    You might also like