Electronic signature service says hackers stole email addresses to use in phishing scheme
The company noted that its researchers do not believe there is a connection between this attack and the massive WannaCry hacking launched last Friday that has infected an estimated 300,000 computers worldwide.
Docusign also said hackers stole only email addresses, not names, passwords, physical addresses or credit card data.
It appears the attack was part of a “phishing” scheme in which hackers send an email to a victim pretending to be a legitimate service. When the email is opened, malicious software is installed on the victim’s computer.
“The emails ‘spoofed’ the DocuSign brand in an attempt to trick recipients into opening an attached Word document that, when clicked, installs malicious software,” the company said in a statement. “As part of our process in response to phishing incidents, we confirmed that DocuSign’s core eSignature service, envelopes and customer documents remain secure.”
Cybersecurity researchers remained puzzled by WannaCry -- a type of ransomware in which hackers lock down a victim’s computer and charge ransom before decrypting it. The attackers targeted outdated versions of Microsoft’s Windows operating system.
In searching through the virus’ coding, researchers found the programming had elements similar to hacking tools widely believed to be used by North Korean hackers. L
Cybersecurity company Symantec said late Monday that early versions of WannaCry had similarities to coding linked to the Lazarus Group, a coterie of hackers linked to the massive attack on Sony Pictures Entertainment.
Symantec and other companies cautioned that the similarities do not necessarily mean North Korea is behind WannaCry.
“The Lazarus tools could potentially have been used as method of propagating WannaCry, but this is unconfirmed,” Symantec said.