Incident Score: Analysis & Impact (GOOMICMED1777653188)

Rankiteo's analysis has identified several MITRE ATT&CK tactics and techniques associated with this incident, each with varying levels of confidence based on available evidence. Under the Initial Access tactic, the analysis identified Supply Chain Compromise (T1195) with high confidence (90%), supported by evidence indicating vimeo confirmed a supply-chain breach at analytics vendor Anodot, Phishing (T1566) with high confidence (90%), supported by evidence indicating lazarus Group targeting crypto executives via fake Zoom and Teams invites, Exploit Public-Facing Application (T1190) with moderate to high confidence (80%), supported by evidence indicating google patched 30 Chrome flaws, including four critical RCE bugs, and Valid Accounts (T1078) with moderate to high confidence (80%), supported by evidence indicating aDT breach via compromised Okta SSO credentials. Under the Execution tactic, the analysis identified User Execution: Malicious Link (T1204.001) with moderate to high confidence (80%), supported by evidence indicating phishing campaigns via fake Zoom and Teams invites and Exploitation for Client Execution (T1203) with moderate to high confidence (70%), supported by evidence indicating windows Shell spoofing bug (CVE-2026-32202) leaking password hashes. Under the Credential Access tactic, the analysis identified Container API (T1552.007) with moderate to high confidence (80%), supported by evidence indicating clickUp leaked nearly 900 emails due to a hard-coded API key, Credentials from Password Stores (T1555) with moderate to high confidence (70%), supported by evidence indicating aDT breach via compromised Okta SSO credentials, and Brute Force (T1110) with moderate confidence (60%), supported by evidence indicating password hashes leaked via Windows Shell spoofing bug. Under the Discovery tactic, the analysis identified Account Discovery (T1087) with moderate to high confidence (70%), supported by evidence indicating corporate emails and user metadata exposed in breaches. Under the Collection tactic, the analysis identified Data from Local System (T1005) with high confidence (90%), supported by evidence indicating 5.5 million ADT users data compromised via Salesforce cloud and Data from Information Repositories (T1213) with moderate to high confidence (80%), supported by evidence indicating user metadata accessed in Vimeo breach via Anodot. Under the Exfiltration tactic, the analysis identified Exfiltration Over C2 Channel (T1041) with moderate to high confidence (80%), supported by evidence indicating shinyHunters group accessed user metadata in Vimeo breach and Exfiltration Over Alternative Protocol (T1048) with moderate to high confidence (70%), supported by evidence indicating data breaches at Itron and Medtronic linked to ShinyHunters. Under the Command and Control tactic, the analysis identified Application Layer Protocol (T1071) with moderate to high confidence (70%), supported by evidence indicating phishing campaigns via fake Zoom/Teams invites (Lazarus Group). Under the Impact tactic, the analysis identified Data Destruction (T1485) with moderate confidence (50%), supported by evidence indicating high identity theft risk noted in breaches. These correlations help security teams understand the attack chain and develop appropriate defensive measures based on the observed tactics and techniques.