Unicoin 駭客入侵 Google Workspace 帳戶，導致員工數天無法進入

一名駭客入侵了 Unicoin 的 Google Workspace（以前稱為 G-Suite）帳戶，並更改了所有公司員工的密碼，導致他們數天無法使用公司帳戶。

A hacker managed to compromise Unicoin's Google Workspace (formerly G-Suite) account and changed the passwords for all company employees, an incident that locked them out of their corporate accounts for days on end.

一名駭客成功入侵 Unicoin 的 Google Workspace（以前稱為 G-Suite）帳戶，並更改了公司所有員工的密碼，這一事件導致他們連續幾天無法使用公司帳戶。

Unicoin is an asset-backed, audited, and publicly reporting cryptocurrency project. It is the official token of the “Unicorn Hunters” business series, focused on providing novel investment opportunities.

Unicoin 是一個由資產支持、經過審計且公開報告的加密貨幣項目。它是「獨角獸獵人」商業系列的官方代幣，專注於提供新穎的投資機會。

According to a filing with the U.S. Security and Exchanges Commission (SEC), after gaining access to the company's Google account, the threat actor proceeded to modify the passwords, thus denying employee access to all services in the environment, including Gmail and Drive.

根據向美國安全與交易委員會 (SEC) 提交的文件，在獲得公司 Google 帳戶的存取權限後，威脅行為者繼續修改密碼，從而拒絕員工存取環境中的所有服務，包括 Gmail 和 Drive。

Unicoin says that it managed to restore access for its staff to G-Suite about four days later, on August 13.

Unicoin 表示，大約四天后，也就是 8 月 13 日，它設法恢復了員工對 G-Suite 的訪問。

“On August 9, 2024, Unicoin Inc. detected an unknown threat actor had gained access to the Company’s Google G-Suite account and changed passwords of all users of the Company’s G-Suite products (i.e., G-Mail, G-Drive and other related G-Suite functionality), thereby denying access to all users having an “@unicoin.com” email address,” reads the SEC Form 8-K filing.

「2024 年8 月9 日，Unicoin Inc. 偵測到一名未知威脅行為者已獲得該公司Google G-Suite 帳戶的存取權限，並更改了該公司G-Suite 產品（即G-Mail、G-Drive和其他相關的 G-Suite 功能），從而拒絕所有擁有「@unicoin.com」電子郵件地址的用戶的訪問，」SEC 8-K 表格文件中寫道。

“On or about August 13, 2024, the company was able to remove the threat actor’s access to the G-Suite accounts and restore access to its internal users.”

“在 2024 年 8 月 13 日左右，該公司能夠刪除威脅行為者對 G-Suite 帳戶的訪問權限，並恢復對其內部用戶的訪問權限。”

During this time, the threat actor could freely access confidential information present in internal communications.

在此期間，威脅行為者可以自由存取內部通訊中存在的機密資訊。

The company is still assessing the extent and impact of the incident but has already found the following evidence of data access, manipulation, and fraud attempts:

該公司仍在評估該事件的範圍和影響，但已經發現了以下數據存取、操縱和詐欺企圖的證據：

Despite the breach of the company’s cloud environment for productivity and collaboration, Unicoin does not believe that the event will have a material impact on its financial status and has seen no evidence of crypto assets or cash losses linked to the event.

儘管該公司的雲端環境對生產力和協作造成了破壞，但 Unicoin 認為該事件不會對其財務狀況產生重大影響，並且沒有發現與該事件相關的加密資產或現金損失的證據。