ExtraHop recently became aware of a phishing attempt targeting customers, ExtraHop employees, and prospective employees. The phishing attempt leverages the ExtraHop name and the fraudulent domain “extrahopcareers.com” to trick victims into sharing sensitive information.

No ExtraHop data, systems, or customer data has been impacted by this event, nor has any breach of our internal systems occurred as a result.

Response Measures

ExtraHop has taken a number of measures to protect customers, employees, prospective employees, and the public:

1. We blacklisted the fraudulent domain, extrahopcareers.com, to prevent employees from accessing it.
2. We reported the fraudulent domain to both the hosting company and federal law enforcement, and the hosting company suspended the domain. ExtraHop security operations team is actively assisting the hosting company with an investigation into the domain and the perpetrators.
3. The product management team at ExtraHop added the malicious domain to the threat intelligence feed in RevealX, so RevealX will generate a detection if a connection occurs in a customer’s environment.
4. The ExtraHop security operations team has initiated continuous monitoring for any unusual activity or additional phishing attempts.

Additional Actions and Recommendations

We urge customers and partners to block the domain extrahopcareers.com. We also urge customers to watch out for detections in RevealX indicating devices in their environment are connecting to this domain.

Additionally, we ask everyone to let us know if you receive an email message from “extrahopcareers.com” or any other suspicious email potentially spoofing our name. If so, reach out to us at security-incident-reporting@extrahop.com.

Finally, if you’re interested in working for ExtraHop, visit our careers page.

ExtraHop remains dedicated to protecting our community, protecting the general public, ensuring our customers are cyber-secure, and bringing cybercriminals to justice.