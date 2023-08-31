Network monitoring company LogicMonitor has confirmed that a “small number” of users of its SaaS platform have been targeted in cyberattacks. While the company did not confirm whether the attacks involved ransomware, anonymous sources familiar with the incidents reported that threat actors hacked customer accounts and deployed ransomware. The ransomware attacks were allegedly carried out using LogicMonitor’s on-premise Collector sensors, which have scripting functions. The attackers deployed scripts from the cloud-based platform to the on-premise Collectors and executed them locally. The attacks took place last week.

LogicMonitor stated that it is actively working with the affected customers to mitigate the impact of the attacks. The company’s spokesperson stated, “We are in direct communication and working closely with those customers to take appropriate measures to mitigate impact.”

Prior to the confirmation of the cyberattacks, LogicMonitor had announced that it was investigating “technical abnormalities” affecting customer accounts. The company had identified a loss of portal access for certain customers, but the issue has since been resolved.

An anonymous source informed TechCrunch that the hacked accounts were compromised due to weak default passwords assigned by LogicMonitor to new users. These default passwords were also automatically assigned to all other users created across the organizations, until they were changed. LogicMonitor customers expressed concerns that the company was sharing minimal information about the attacks and had not provided additional details about the number of impacted customers.

LogicMonitor’s network monitoring platform is utilized by over 25,000 users.

