A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings from Phylum show.
The packages are named execution-time-async, data-time-utils, login-time-utils, mongodb-connection-utils, and mongodb-execution-utils.
One of the packages in question, execution-time-async, masquerades as its legitimate

North Korean Hackers Targeting Developers with Malicious npm Packages

By Waqas
Friend or Foe?
This is a post from HackRead.com Read the original post: Russian Ministry Software Backdoored with North Korean KONNI Malware

Discover the latest cybersecurity revelation: KONNI malware, linked to North Korean cyber operations, targets the Russian Ministry of Foreign Affairs. Learn about the sophisticated tactics and geopolitical implications

German cybersecurity firm DCSO has discovered a malware sample uploaded to VirusTotal in January 2024, believed to be part of North Korea-linked activity targeting the Russian Ministry of Foreign Affairs (MID). The malware is believed to be **KONNI**, a North Korean nexus tool used since 2014.

KONNI, first **discovered in 2014**, is associated with the Democratic People’s Republic of Korea (DPRK)-nexus actors like Konni Group and TA406. The malware has unique stealer functionality and remote administration capability. It’s installed in an MSI file, with C2 servers encrypted with AES-CTR, and a CustomAction for detection and payload selection.

In the latest discovery, researchers noted that KONNI’s command set remains unchanged, allowing operators to execute commands, upload/download files, specify sleep intervals, communicate via HTTP, and compress file extensions into .CAB archives.

> #ShortAndMalicious  
> Our researchers recently discovered an installer for the mandatory 🇷🇺Russian tax filling software "Spravki BK" (Справки БК) which was backdoored with #KONNI malware, generally attributed to 🇰🇵North Korean threat actors. 1/5
> 
> — DCSO CyTec (@DCSO\_CyTec) October 17, 2023

Interestingly, the sample **DCSO analyzed** was delivered via a backdoored Russian language software installer, similar to a previously observed KONNI delivery technique. The sample was for a tool called “Statistika KZU”, which is believed to be intended for internal use within the Russian MID. The software is used for relaying annual report files from overseas consular posts to the MID’s Consular Department via a secure channel.

Additionally, two user manuals were found in the backdoored installer, detailing the installation and usage of the “Statistika KZU” program. The first manual explains installing the program on an administrative account, providing minimum software requirements and screenshots.

The second 22-pager manual, “StatRKZU\_Pyкoвoдcтвo,” outlines how to use the software for generating annual report files on KZU consular activities, including templates for calculating registered and detained citizens.

The MID’s software, identified as “GosNIIAS” (a Russian federal research institute primarily involved in aerospace research), was tested offline and found legitimate. Despite no direct correlations between GosNIIAS and Statistika KZU, references to contracts were found, including a procurement order for automated system maintenance and data protection software.

This discovery comes amid increasing geopolitical proximity between Russia and the DPRK, following Russia’s renewed invasion of Ukraine in 2022.

****Russia and North Korea’s Cyber Standoff****

This is not the first time Russia and North Korea have made collective headlines over cybersecurity threats. **In August 2023**, the world witnessed another significant incident when “elite North Korean hackers” affiliated with OpenCarrot and the Lazarus group breached NPO Mashinostroyeniya, a key Russian missile developer. This breach, lasting for at least five months, revealed the alarming capabilities and determination of the attackers.

****Previous Use of KONNI Backdoor****

KONNI has been used in many cyberespionage campaigns targeting Russian agencies. FortiGuard Labs discovered a KONNI malware campaign **in November 2023**, targeting Windows systems through Word documents with malicious macros. Malwarebytes researchers **discovered** a campaign in mid-2021 using Russian language lures concerning Russian-Korean trade and economic issues and a meeting of a Russian-Mongolian intergovernmental commission.

An unknown hacking group **targeted** North Korean organizations using KONNI Malware in 2017. Three campaigns were identified back then- two by Talos Intelligence, a Cisco-owned cybersecurity firm, and the third reported by Cylance security firm.

For insights into this, we reached out to John Bambenek, President at Bambenek Consulting, who emphasised that “It is not uncommon for intelligence agencies to spy even on their putative allies, if for nothing else, for insights to either strengthen the relationship or to identify and mitigate threats.”

Mr. Bambenek highlighted that “The use of a backdoor in software used almost exclusively by the Russian Foreign Ministry stands out and shows that the DPRK did their research here for a particular hook into their victims and is, ironically, a more targeted and precise adaptation of the approach Russian intelligence used with **NotPetya**.”

“Espionage has a couple of nuances where sometimes you want more sophisticated tools and for some attacks, you want narrow and simpler tools. For espionage, you want long-term persistent infection and sophisticated and interactive tools provide defenders more opportunities for detection. It’s not uncommon to see tools used for espionage that lack some of the obfuscation commonly observed in **cybercrime tools**,” he added.

****RELATED ARTICLES****

1.  **Gone: Russian Central Bank hacked; $31 million stolen**
2.  **2 Russian Industrial Firms Hacked, 112GB of Data Leaked**
3.  **Anonymous Leaks 128 GB of Data from Russian ISP Convex**
4.  **Elite North Korean Hackers Breach Russian Missile Developer**
5.  **Anonymous Hacks Central Bank of Russia; Leaks 28GB of Data**

Russian Ministry Software Backdoored with North Korean KONNI Malware

When ssl was enabled for Mongo Hook, default settings included "allow_insecure" which caused that certificates were not validated. This was unexpected and undocumented.
Users are recommended to upgrade to version 4.0.0, which fixes this issue.

Skip to content

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-25141

**Improper Certificate Validation in apache airflow mongo hook**

High severity GitHub Reviewed Published Feb 20, 2024 to the GitHub Advisory Database • Updated Feb 21, 2024

**Package**

pip apache-airflow-providers-mongo (pip)

**Affected versions**

< 4.0.0

**Description**

Published to the GitHub Advisory Database

Feb 20, 2024

Last updated

Feb 21, 2024

GHSA-x5pm-h33q-cjrw: Improper Certificate Validation in apache airflow mongo hook

By Deeba Ahmed
From Banking Apps to Crypto Wallets: SpyNote Malware Evolves for Financial Gain.
This is a post from HackRead.com Read the original post: SpyNote Android Spyware Poses as Legit Crypto Wallets, Steals Funds

The notorious SpyNote Android spyware returns, exploiting Accessibility APIs to target crypto wallets and unsuspecting users, ultimately stealing their cryptocurrency.

The Android spyware SpyNote developers are now considering cryptocurrencies, extending beyond mere credentials spying to initiate cryptocurrency transfers, revealed the latest research report from FortiGuard Labs.

Researchers noted that Spynote, a notorious Remote Access Trojan (**RAT**), is now targeting “famous crypto wallets” by abusing the Accessibility API. The API’s job is to automatically perform UI actions, such as recording device unlocking gestures and is mainly helpful for people with disabilities.

The malicious code abuses the Accessibility API to automatically fill out a form and transfer cryptocurrency to cyber criminals. It reads and memorizes the destination wallet address and amount, and replaces it with the attacker’s crypto wallet address.

The information is sent to a remote server with which the malware has established a connection already to complete the action. It is worth noting that the entire act is completed automatically, without alerting the user.

According to Fortinet’s **blog post**, on 1st February, a malicious sample was found posing as a legitimate crypto wallet, incorporating SpyNote RAT and anti-analysis features. They also observed that threat actors are mainly targeting users with mobile crypto wallets or banking applications in this financially motivated, medium-severity hacking saga.

Researchers showed screenshots in which SpyNote malware can be seen requesting Accessibility Service and the user granting access with the Android OS displaying additional warnings. It is evident that clicking on “Allow” signals the malware to perform its nefarious action whereas clicking “Deny” prevents it from gaining access.

Screenshot: FortiGuard Labs

Hackread has been following the evolution of SpyNote ever since it made its first appearance **back in 2016** when Palo Alto’s Unit 42 discovered this RAT on a dark net forum mainly targeting users who install APK apps. Researchers noted that SpyNote helped attackers gain remote control of infected devices, and enabled sideloading on Android devices.

In 2017, Zscaler IT security researchers **discovered** fake apps infected with the SpyNote RAT, allowing attackers to gain remote administrative control on Android devices. Researchers identified various apps, including fake Netflix, WhatsApp, YouTube, Facebook, Photoshop, SkyTV, Hotstar, Trump Dash PokemonGo, etc., infected with a new variant of SpyNote RAT.

Over the years, SpyNote has become a common family of Android malware, with over 10,000 samples and multiple variants, noted FortiGuard researchers.

Last year, the malware authors shifted focus to banking fraud, as the Cleafy Threat Intelligence Team **reported** SpyNote targeting European financial institutions with social engineering tactics and abusing Accessibility services. The attack started with deceptive smishing campaigns, directing victims to install a “new certified banking app” and granting remote access to their devices.

It is worth noting that malware often lures victims into giving them the necessary rights to access the Accessibility API through different lures, posing a threat to users, especially people with disabilities.

Android users are advised to pay attention to applications requesting the Accessibility API. End-users should treat these requests as suspicious, especially from alleged crypto wallets, PDF readers, and video players.

****RELATED ARTICLES****

1.  **Watch out: New Android spyware records your calls covertly**
2.  **LetMeSpy Android Spyware Service Shuts Down After Data Breach**
3.  **Confucius Android spyware hits military, nuclear entities in Pakistan**
4.  **Xamalicious Backdoor Infects 25 Android Apps, Affects 327K Devices**
5.  **Hackers spread Android spyware through Facebook using Fake profiles**

SpyNote Android Spyware Poses as Legit Crypto Wallets, Steals Funds

Red Hat Security Advisory 2024-0193-03 - An update is now available for Red Hat OpenShift Container Platform 4.13.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0193.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: OpenShift Container Platform 4.13.29 bug fix and security update  
Advisory ID:        RHSA-2024:0193-03  
Product:            Red Hat OpenShift Enterprise  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0193  
Issue date:         2024-01-20  
Revision:           03  
CVE Names:          CVE-2021-20329  
====================================================================

Summary: 

An update is now available for Red Hat OpenShift Container Platform 4.13.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.29. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHSA-2024:0195

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)

* mongo-go-driver: specific cstrings input may not be properly validated (CVE-2021-20329)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://docs.openshift.com/container-platform/4.13/release_notes/ocp-4-13-release-notes.html

CVEs:

CVE-2021-20329

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=1971033  
https://bugzilla.redhat.com/show_bug.cgi?id=2243296  
https://issues.redhat.com/browse/OCPBUGS-19658  
https://issues.redhat.com/browse/OCPBUGS-23483  
https://issues.redhat.com/browse/OCPBUGS-25988

Red Hat Security Advisory 2024-0193-03

By Deeba Ahmed
The police arrested two suspects in Beijing and two in Inner Mongolia.
This is a post from HackRead.com Read the original post: China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks

The individuals confessed to creating variations of ransomware, enhancing the software through the utilization of OpenAI’s ChatGPT, carrying out vulnerability scans, infiltrating networks to secure access, deploying ransomware, and engaging in extortion.

Chinese media has reported the country’s first major step towards countering the use of ChatGPT as four Chinese individuals have been arrested for developing ransomware using ChatGPT. This is the country’s first instance involving the popular yet officially banned chatbot.

The arrests should not come as a surprise, as cybercriminals have been eager to exploit the AI chatbot for malicious purposes. Those who could not exploit it have created their own versions of the malicious ChatGPT, infamously known as WormGPT and FraudGPT.

According to the South China Morning Post (SCMP), the cyber attackers came under the authorities’ radar after an unidentified company in Hangzhou reported a cybercrime. The hackers demanded 20,000 Tether to unblock/restore access to their systems.

In late November 2023, the police arrested two suspects in Beijing and two in Inner Mongolia. The suspects admitted to writing ransomware versions, optimizing the program using the popular chatbot, conducting vulnerability scans, infiltrating networks to gain access and implanting ransomware, and performing extortion.

The use of ChatGPT, a chatbot developed by OpenAI, is prohibited in China as part of Beijing’s initiatives to limit access to foreign generative artificial intelligence products. In response, China has introduced its own version of ChatGPT named Ernie Bot. However, the report does not provide clear information on whether utilizing ChatGPT is subject to legal charges in China.

According to SCMP’s report, three of the detainees were previously implicated in other criminal activities, including spreading misinformation and selling stolen CCTV footage through deep fake technology.

Despite OpenAI blocking internet protocol addresses in China, Hong Kong, and sanctioned regions such as North Korea and Iran, certain users find ways to bypass these restrictions by using VPNs and obtaining phone numbers from supported areas. However, engaging in such circumvention practices may expose users to potential legal consequences.

Legal cases involving the use of generative AI have increased in China due to its mass popularity and potential for crimes. In May 2023, reportedly, a man was detained in Gansu province for allegedly using ChatGPT to spread fake news about a train crash.

****_RELATED ARTICLES_****

1.  **Why are Google and Facebook banned in China?**
2.  **List of Eight Popular websites That are Banned in China**
3.  **China arrests 11 for infecting 250M devices with Fireball malware**
4.  **Hackers Claiming to Jailbreak AI Chatbots to Write Phishing Emails**
5.  **Researchers Leverage ChatGPT to Expose Notorious macOS Malware**

China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks

By Deeba Ahmed
The latest Xfinity data breach is linked to the critical Citrix Bleed vulnerability.
This is a post from HackRead.com Read the original post: Xfinity Rocked with Data Breach Impacting 36 Million Users

Comcast Cable Communications, LLC, operating under the brand name Xfinity, has suffered a massive data breach affecting 36 million users.

Comcast\-owned brand Xfinity has initiated the process of notifying its customers about a significant data breach impacting tens of millions of users. The data breach is linked to the critical vulnerability in Citrix software.

It is worth noting that in November 2023, the cybersecurity firm Mandiant, owned by Google, released its findings, issuing a warning to companies about the active exploitation of the Citrix vulnerability. The report indicated that not one, but four uncategorized threat actor groups were involved in the exploitation.

The telecommunication giant, which offers a wide range of services including internet, TV, and phone, stated in the notice sent on Monday that hackers exploited a software vulnerability to access its customers’ personal information.

Xfinity discovered the suspicious activity on October 25, and by December 6 it determined that compromised data may include usernames, hashed passwords, last four digits of Social Security numbers, account security questions, birthdates, and contact information.

According to a breach notification filed with the Maine Attorney General, the breach affected around 35.9 million user accounts, representing a significant portion of its overall user base, which comprises 32 million broadband users. 

Cloud computing firm Citrix discovered a vulnerability (CVE-2023-4966) dubbed Citrix Bleed in early October, which affected products used by companies like Xfinity.

It is worth noting that in November 2023, the cybersecurity firm Mandiant, owned by Google, released its findings, issuing a warning to companies about the active exploitation of the Citrix vulnerability.

The report revealed that four uncategorized threat actor groups were involved in exploiting the vulnerability. This vulnerability affects NetScaler ADC and Gateway appliances, allowing them to manipulate user sessions without requiring authentication measures. The same vulnerability was previously linked to hacks targeting the Industrial and Commercial Bank of China’s New York branch and a Boeing subsidiary.

Xfinity patched the vulnerability, but unauthorized access to its internal systems led to data compromise by mid-November. In its official statement, Xfinity’s spokesperson stated that there is no evidence of customers’ data being leaked or targeted attacks.

“We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers.”

Nevertheless, all Xfinity customers are urged to reset their passwords and are advised to use two-factor authentication for added security.

In a comment to Hackread.com, Immersive Labs’ Director of Cyber Threat Research Kev Breen warned companies to timely patch security vulnerabilities as threat actors are quick to exploit them.

“In 2022, the median time to exploitation was one day from exploitation, while the timing of public patches was on average 7 days. This year we’ve consistently seen recently disclosed vulnerabilities and zero days actively exploited in the wild by threat actors at scale.”

Breen also argued the culture of non-existing cybersecurity and vulnerability disclosure-related transparency, despite the US government’s strict and recent policies holding software companies liable for data breaches.

“Despite government intervention to try and strengthen transparency and guidance around cybersecurity practices, many standard implementations still haven’t kept pace. For example, FedRAMP guidelines say organizations have 30 days to remediate high-risk threats — yet attackers just need one day to discover a vulnerability and take advantage to wreak havoc on systems and cause costly damage to organizations.”

This, however, is not the first time Comcast has made headlines for data breaches. In November 2015, the company discovered that 200,000 user login credentials, including email addresses and passwords, were leaked and being sold on the dark web. The company attributed the incident to customers falling victim to malware and phishing attacks.

As for the latest data breach, Comcast, under new Securities and Exchange Commission rules, must disclose cybersecurity breaches affecting their bottom line within four days but has not yet filed such a report, according to The Associated Press.

****_RELATED ARTICLES_****

1.  **US aerospace services provider data breach loses 1.5 TB of data**
2.  **Mortgage Giant Mr. Cooper Data Breach; 14 Million Users Impacted**
3.  **Hackers Leak Thousands of Idaho National Lab Employees’ PII Data**
4.  **Sony Data Breach via MOVEit Vulnerability Affects Thousands in US**
5.  **Hackers Access User Info, Corporate Systems in MongoDB Data Breach**
6.  **Delta Dental Hit with 7 Million User Data Breach in MOVEit-Linked Attack**

Xfinity Rocked with Data Breach Impacting 36 Million Users

MongoDB has warned customers about a data breach that leaked information about their customers. The incident is under investigation.

Database provider MongoDB has posted a security notice about a security incident in which attackers obtained unauthorized access to some of its corporate systems. The targeted system contained customer names, phone numbers, and email addresses among other customer account metadata, including system logs for one customer.

That customer has been notified separately and there is no evidence that any other customers’ system logs were accessed. MongoDB said there is no evidence of unauthorized access to Atlas clusters since that would require compromise of the separate Atlas cluster authentication system.

On Wednesday December 13, 2023, MongoDB’s staff detected suspicious activity and began an investigation. The investigation is ongoing, but it appears that the unauthorized access was going on for “some period of time” before discovery.

In emails sent to MongoDB customers, MongoDB advises users to be alert about phishing and social engineering attacks that might use the leaked customer metadata to gain credibility.

Scammers often try to take advantage of data breaches. They know that the breached company is likely to be contacting victims, and that the victims will be looking out for emails from the company. It’s easy to spoof an email to make it look like it comes from somewhere else, and then send someone malware or a link to a phishing site.

Users are also advised to rotate database passwords and enable multi-factor authentication (MFA).

If you suspect you might be affected by this data breach, you may want to keep an eye on the alert page with additional information as MongoDB continues to investigate the matter. And if there is anything important, we will update this article.

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

 MongoDB warns customers about data breach after cyberattack 

By Waqas
MongoDB updated its status alert page with new details about the incident on December 17, 2023, at 9:00 PM EST.
This is a post from HackRead.com Read the original post: MongoDB Breach Update: Names, Emails Exposed, Atlas Secured

Stay informed about MongoDB’s response to unauthorized access in certain corporate systems, involving exposure of customer data like names, phone numbers, and email addresses.

In a recent update regarding the security incident at **MongoDB**, the company has released information that as of 9:00 PM EST on December 17, 2023, there is no evidence of unauthorized access to MongoDB Atlas clusters.

MongoDB’s Chief Information Security Officer (CISO), Lena Smart, assured users that no security vulnerabilities have been identified in any MongoDB product as a result of the incident.

The security breach, initially detected on December 13, 2023, and **exclusively reported by Hackread.com**, involved unauthorized access to certain MongoDB corporate systems, leading to the exposure of customer account metadata and contact information. However, MongoDB now confirms that their investigation has found no indication that the authentication system for MongoDB Atlas clusters has been compromised.

The MongoDB Atlas cluster access is authenticated through a separate system from MongoDB corporate systems. This segregation of systems ensures an additional layer of security for customer data stored in MongoDB Atlas, and the company emphasizes that no evidence of compromise has been identified in this crucial authentication process.

“To be clear, we have not identified any security vulnerability in any MongoDB product as a result of this incident,” the company restated.

The accessed corporate systems contained customer names, phone numbers, email addresses, and other customer account metadata. MongoDB has taken steps to notify the affected customers promptly. Notably, the company has identified system logs access for one customer, but no evidence suggests that the system logs of any other customers were compromised.

The investigation into the security incident is ongoing, and MongoDB is actively collaborating with relevant authorities and forensic firms to gather further insights. The company has committed to keeping its users informed by updating the **alert page** with additional information as the investigation progresses.

MongoDB encourages users to remain vigilant for potential social engineering and phishing attacks, especially given the accessed customer account metadata and contact information. As a precautionary measure, MongoDB advises all customers, if not already implemented, to activate phishing-resistant multi-factor authentication (**MFA**) and regularly rotate passwords.

MongoDB users are urged to be watchful for **phishing emails** that may falsely claim to originate from the company, claiming to provide new updates. However, the actual motive could be to exploit the situation and attempt to steal user data.

****_RELATED ARTICLES_****

1.  **47% of online MongoDB databases hacked demanding ransom**
2.  **11 million personal unprotected MongoDB records leaked online**
3.  **Ride-hailing app leaks data of millions of Iranians from MongoDB**
4.  **Unprotected MongoDB leaks resume of 202M Chinese job seekers**
5.  **Hackers leave ransom note after wiping out MongoDB in 13 seconds**

MongoDB Breach Update: Names, Emails Exposed, Atlas Secured

MongoDB on Saturday disclosed it's actively investigating a security incident that has led to unauthorized access to "certain" corporate systems, resulting in the exposure of customer account metadata and contact information.
The American database software company said it first detected anomalous activity on December 13, 2023, and that it immediately activated its incident response

Cyber Attack / Data Security

MongoDB on Saturday disclosed it's actively investigating a security incident that has led to unauthorized access to "certain" corporate systems, resulting in the exposure of customer account metadata and contact information.

The American database software company said it first detected anomalous activity on December 13, 2023, and that it immediately activated its incident response efforts.

It further noted that "this unauthorized access has been going on for some period of time before discovery," but emphasized it's not "aware of any exposure to the data that customers store in MongoDB Atlas.". It did not disclose the exact time period of the compromise.

In light of the breach, MongoDB recommends that all customers be on the lookout for social engineering and phishing attacks, enforce phishing-resistant multi-factor authentication (MFA), as well as rotate their MongoDB Atlas passwords.

That's not all. The company said it's also experiencing elevated login attempts that are causing issues for customers attempting to log in to Atlas and our Support Portal. It, however, said the problem is unrelated to the security event.

The Hacker News has reached out to MongoDB for additional comments, and we will update the story if we hear back.

_(This is a developing story. Please check back for more updates.)_

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Tag

#mongo