A recent attack on Reddit is an offshoot of a previous incident in which an employee fell for a sophisticated spear-phishing attack, leading to the leak of some vital information that was never intended to be shared with a third party. According to a spokesperson from Reddit, an attacker impersonated the company’s intranet gateway with a website set up to extract information and two-factor authentication tokens. Although the extent of the security breach was not quantified, the attacker successfully phished one of Reddit’s employees and accessed some code, classified documents, internal dashboards, and business systems.
Further investigations into the incident have proven that the attacker couldn’t have succeeded in spoofing the intranet gateway without concrete knowledge of Reddit’s gateway setup, its functionality, and its use by Reddit’s staff. This also suggests the possibility of an insider’s involvement in the crime.
Despite claims by Reddit that no production systems were accessed and no serious damage was caused during and after the attack, it could be assumed that the perpetrator is an initial access broker, given the level of expertise exercised during the attack.
It can also be assumed that the attacker aimed only for a specific set of people in the company, most likely those on the production side or the developers, because the attacker’s actions were specific and direct.
Despite everything that happened during and after the attack, Reddit assures all users of maximum protection of their data at all times and makes a continuous effort to further sensitize employees to such sophisticated attacks as a guard against future ones.