LastPass Breach: The Pyramid of Pain Perspective
Mining LastPass communications for new cloud IOCs
In this blog, published in the Vectra AI Research space, each piece of LastPass communications is dissected for new intel, and the indicators are evaluated against the Pyramid of Pain model.
In my evaluation of publicly available intel, I closely follow the advice of David Bianco, author of the Pyramid of Pain: “Whenever you receive new intel on an adversary (whether it be APT1/Comment Crew or any other threat actor), review it carefully against the Pyramid of Pain. For every paragraph, ask yourself ‘Is there anything here I can use to detect the adversary’s activity, and where does this fall on the pyramid?’”