Employees of the Any.Run malware analysis service were recently targeted in a phishing attack that was part of a BEC campaign.

The post Malware Sandbox Any.Run Targeted in Phishing Attack appeared first on SecurityWeek.

ANY.RUN has disclosed a recent cybersecurity incident in which one of its employees fell victim to a sophisticated phishing attack, potentially compromising sensitive information. ANY.RUN is an online malware analysis environment that helps researchers study and simulate the creation of malware and threat processes in real time. While the full extent of the breach is still under investigation, ANY.RUN affirmed its commitment to transparency and stated that it would provide regular updates on the incident as they work to mitigate potential damage.

ANY.RUN Employee Email Compromise

[caption id="attachment_78600" align="alignnone" width="531"] Source: X.com (@anyrun_app)[/caption] According to a post on X from the company's official handle, the attack originated from a compromised customer account, which had been used to send a convincing phishing email to a staff member. This led to unauthorized access to the employee's email account. Subsequently, the attacker forwarded a phishing message to contacts within the compromised email address book. ANY.RUN stated that it had already notified data controllers of affected individuals and is working closely with them to address any concerns. They emphasized that the compromised employee did not have access to the production environment or any code base, which limits the potential scope of the breach.

ANY.RUN Response and Next Steps

Upon discovery of the incident, ANY.RUN took steps to minimize possible compromise and share details about the incident. An ongoing investigation is being done to determine the full impact of the breach and gather additional details. While the comprehensive report, the company has assured its customers that they are taking the matter seriously. In the coming days and weeks, ANY.RUN would work to: 1. Continue their investigation and analysis of the incident 2. Provide regular updates on their progress 3. Compile a detailed report of their findings The company acknowledges that many questions remain unanswered at this stage. However, they are committed to keeping all parties informed throughout the process. Customers appear to have viewed the effort at communication positively, highlighting it as an example of transparency around cybersecurity incident reporting and disclosure. The incident serves as a stark reminder that even companies working in the cybersecurity industry remain a potential target for attacks. Last year, Okta, a provider of identity and access management software, had suffered a security incident in which attackers had managed to access its support incident management through the use of stolen credentials. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.