It is possible that this attack was the result of Info-stealing malware. According to cybersecurity firm Kela, a large amount of data being shared on the Darknet was advertised as login credentials for Indigo that were stolen by info-stealing malware. Such malware looks for sensitive information on the infected system and also collects details about the machine. Threat actors behind the malware can then use stolen information such as credentials to carry out cyberattacks. It is highly recommended that organizations engage in a defense in depth approach that focuses on detecting post compromise activities. Binary Defense’s MDR and Threat Hunting offerings are an excellent solution to assist in such a program.
https://www.bleepingcomputer.com/news/security/largest-canadian-bookstore-indigo-shuts-down-site-after-cyberattack/
