Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’

A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a “killswitch” designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned.

Austin, Texas-based SolarWinds disclosed this week that a compromise of its software update servers earlier this year may have resulted in malicious code being pushed to nearly 18,000 customers of its Orion platform. Many U.S. federal agencies and Fortune 500 firms use(d) Orion to monitor the health of their IT networks.

On Dec. 13, cyber incident response firm FireEye published a detailed writeup on the malware infrastructure used in the SolarWinds compromise, presenting evidence that the Orion software was first compromised back in March 2020. FireEye said hacked networks were seen communicating with a malicious domain name — avsvmcloud[.]com — one of several domains the attackers had set up to control affected systems.

As first reported here on Tuesday, there were signs over the past few days that control over the domain had been transferred to Microsoft. Asked about the changeover, Microsoft referred questions to FireEye and to GoDaddy, the current domain name registrar for the malicious site.

Today, FireEye responded that the domain seizure was part of a collaborative effort to prevent networks that may have been affected by the compromised SolarWinds software update from communicating with the attackers. What’s more, the company said the domain was reconfigured to act as a “killswitch” that would prevent the malware from continuing to operate in some circumstances.

“SUNBURST is the malware that was distributed through SolarWinds software,” FireEye said in a statement shared with KrebsOnSecurity. “As part of FireEye’s analysis of SUNBURST, we identified a killswitch that would prevent SUNBURST from continuing to operate.”

The statement continues:

“Depending on the IP address returned when the malware resolves avsvmcloud[.]com, under certain conditions, the malware would terminate itself and prevent further execution. FireEye collaborated with GoDaddy and Microsoft to deactivate SUNBURST infections.”

“This killswitch will affect new and previous SUNBURST infections by disabling SUNBURST deployments that are still beaconing to avsvmcloud[.]com. However, in the intrusions FireEye has seen, this actor moved quickly to establish additional persistent mechanisms to access victim networks beyond the SUNBURST backdoor.

“This killswitch will not remove the actor from victim networks where they have established other backdoors. However, it will make it more difficult for the actor to leverage the previously distributed versions of SUNBURST.”

It is likely that given their visibility into and control over the malicious domain, Microsoft, FireEye, GoDaddy and others now have a decent idea which companies may still be struggling with SUNBURST infections.
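
Defenders can ask the same question of their own resolver logs. The following is an added example, not code from FireEye or the original article: it assumes dnsmasq-style query logging, and the sample log lines, function names and `year` parameter are constructed for illustration. It matches on DNS label boundaries so that look-alike names are not flagged.

```python
import re
from collections import defaultdict
from datetime import datetime

# Control domain as written (defanged) in the article; normalize() refangs it.
C2_DOMAIN = "avsvmcloud[.]com"

# Constructed sample lines in dnsmasq "log-queries" style (assumed log format).
SAMPLE_LOG = """\
Dec 14 09:12:01 dnsmasq[411]: query[A] a1b2c3.region-x.avsvmcloud.com from 10.1.4.22
Dec 14 09:12:07 dnsmasq[411]: query[A] www.example.org from 10.1.4.30
Dec 15 22:40:13 dnsmasq[411]: query[A] A1B2C3.region-x.AVSVMCLOUD.COM. from 10.1.4.22
Dec 16 03:05:44 dnsmasq[411]: query[CNAME] d4e5f6.region-y.avsvmcloud.com from 10.1.9.7
Dec 16 03:06:02 dnsmasq[411]: query[A] notavsvmcloud.com from 10.1.4.30
Dec 16 03:06:09 dnsmasq[411]: query[A] avsvmcloud.com.cdn.example.net from 10.1.4.31
Dec 16 03:07:00 dnsmasq[411]: reply a1b2c3.region-x.avsvmcloud.com is 192.0.2.10
"""

QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+: "
    r"query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<client>\S+)$"
)


def normalize(name):
    """Lower-case, refang '[.]' and drop the root dot so comparisons are exact."""
    return name.strip().lower().replace("[.]", ".").rstrip(".")


def is_c2_name(name, domain=C2_DOMAIN):
    """True only for the domain itself or a name below it (label-boundary match)."""
    name, domain = normalize(name), normalize(domain)
    return name == domain or name.endswith("." + domain)


def find_beaconing_clients(log_text, year=2020):
    """Group matching queries by client: count, distinct names, first/last seen.

    Syslog timestamps carry no year, so the caller supplies one (assumption).
    """
    hits = defaultdict(
        lambda: {"count": 0, "names": set(), "first": None, "last": None}
    )
    for line in log_text.splitlines():
        m = QUERY_RE.match(line.strip())
        if not m or not is_c2_name(m["name"]):
            continue  # replies, unrelated names and look-alikes are skipped
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        rec = hits[m["client"]]
        rec["count"] += 1
        rec["names"].add(normalize(m["name"]))
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
    return dict(hits)


if __name__ == "__main__":
    for client, rec in sorted(find_beaconing_clients(SAMPLE_LOG).items()):
        print(client, rec["count"], rec["first"], rec["last"], sorted(rec["names"]))
```

A client that keeps appearing here after the domain changed hands is a host whose Orion installation is still beaconing. As FireEye's statement notes, a quiet log does not rule out other backdoors on the network.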

The killswitch revelations came as security researchers said they’d made progress in decoding SUNBURST’s obfuscated communications methods. Chinese cybersecurity firm RedDrip Team published its findings on GitHub, saying its decoder tool had identified nearly a hundred suspected victims of the SolarWinds/Orion breach, including universities, governments and high tech companies.

Meanwhile, the potential legal fallout for SolarWinds in the wake of this breach continues to worsen. The Washington Post reported Tuesday that top investors in SolarWinds sold millions of dollars in stock in the days before the intrusion was revealed. SolarWinds’s stock price has fallen more than 20 percent in the past few days. The Post cited former enforcement officials at the U.S. Securities and Exchange Commission (SEC) saying the sales were likely to prompt an insider trading investigation.

Tive nabs $12M Series A to track shipment conditions in real time

Tive, a Boston-based startup, is building a hardware and software platform to help track the conditions of a shipment like say food or medicine to make sure it is stored under the proper conditions as it moves from farm or factory to market. Today, the company announced a $12 million Series A.

RRE Ventures led the round with help from new investor Two Sigma Ventures and existing investors NextView Ventures, Hyperplane Ventures, One Way Ventures, Fathom Ventures and other unnamed individuals. The company has now raised close to $17 million, according to Crunchbase data.

“Tive helps companies all over the world track their shipments in a very specific way,” company co-founder and CEO Krenar Komoni told me. Using a tracking device the company created, customers can press a button, place the tracker on a pallet or in a container, and it begins transmitting shipment data like temperature, shock, light exposure, humidity and location data in real time to ensure that the shipment is moving safely to market under proper conditions.

He said that they are the first company to create single-use 5G trackers, meaning the shipping company doesn’t have to worry about managing, maintaining, recharging or returning them (although they encourage that by giving a discount for future orders on returned items).

The approach seems to be working. Komoni reports that revenue has grown 570% in 2020 as the product-market fit has become more acute with digitization hitting the supply chain in a big way. He says that in particular customers and investors like the company’s full-stack approach.

“What’s interesting […] and why we are resonating with customers and also why investors like it, is because we’re providing the full stack, meaning the hardware, the software, the platform and the APIs to major transportation management systems,” Komoni explained.

The company has 22 employees and expects to double that number in 2021. As he grows the company, Komoni says that as an immigrant founder, he’s particularly sensitive to diversity and inclusion.

“I’m an immigrant myself. I grew up in Kosovo, came to the U.S. when I was 17 years old, went to high school here in Vermont. I’m a U.S. citizen, but part of who I am is being open to different cultures and different nationalities. It’s just part of my nature,” he says.

The company was founded in 2015 and its facilities are in Boston. It has continued shipping devices throughout the pandemic, and that has meant figuring out how to operate in a safe way with some employees in the building. He expects the company will have more employees operating out of the office as we move past the pandemic. He also has an engineering operation in Kosovo.

Twitter taps AWS for its latest foray into the public cloud

Twitter has a lot going on, and it’s not always easy to manage that kind of scale on your own. Today, Amazon announced that Twitter has signed a multi-year agreement with AWS to run its real-time timelines. It’s a major win for Amazon’s cloud arm.

While the companies have worked together in some capacity for over a decade, this marks the first time that Twitter is tapping AWS to help run its core timelines.

“This expansion onto AWS marks the first time that Twitter is leveraging the public cloud to scale their real-time service. Twitter will rely on the breadth and depth of AWS, including capabilities in compute, containers, storage and security, to reliably deliver the real-time service with the lowest latency, while continuing to develop and deploy new features to improve how people use Twitter,” the company explained in the announcement.

Parag Agrawal, chief technology officer at Twitter, sees this as a way to expand and improve the company’s real-time offerings by taking advantage of AWS’s network of data centers to deliver content closer to the user. “The collaboration with AWS will improve performance for people who use Twitter by enabling us to serve Tweets from data centers closer to our customers at the same time as we leverage the Arm-based architecture of AWS Graviton2 instances. In addition to helping us scale our infrastructure, this work with AWS enables us to ship features faster as we apply AWS’s diverse and growing portfolio of services,” Agrawal said in a statement.

It’s worth noting that Twitter also has a relationship with Google Cloud. In 2018, it announced it was moving its Hadoop clusters to GCP.

This announcement could be considered a case of the rich getting richer as AWS is the leader in the cloud infrastructure market by far, with around 33% market share. Microsoft is in second with around 18% and Google is in third with 9%, according to Synergy Research. In its most recent earnings report, Amazon reported $11.6 billion in AWS revenue, putting it on a run rate of over $46 billion.

Parsec raises $25M from a16z to power remote work and cloud gaming

Parsec, a startup that’s built streaming technology for both work and play, is announcing that it has raised $25 million in Series B funding.

This brings Parsec’s total funding to $33 million, according to Crunchbase. The round was led by Andreessen Horowitz, with the firm’s general partner Martin Casado joining the board. Previous investors Lerer Hippeau, Makers Fund, NextView Ventures and Notation Capital also participated.

CEO Benjy Boxer told me that since he and CTO Chris Dickson founded the company in 2016, the vision has always been “to make it easier for people to connect to their technology, software and content from anywhere, on any device.”

They started out by helping gamers access their gaming PCs from other devices (the Parsec app is currently available for Windows, Mac, Linux, Android, Raspberry Pi and the web).

“From the beginning, we thought that if we could build something that is great for gaming, it will be great for everything,” Boxer said.

But it was a natural transition to other use cases, since some of the people using Parsec to play games in their free time also turned out to work at TV production companies, video game companies or in other jobs where they need access to high-end workstations. That’s why the company launched Parsec for Teams this year, which offers the same low-latency remote experience, while also adding features like encryption, group permissions and collaboration on the same file.

“The performance of Parsec is just way above everything else,” Boxer said. “People forget they’re using Parsec.”

Parsec works with major gaming clients like EA, Ubisoft, Blizzard Entertainment and Square Enix, and it’s also being used in industries like architecture, engineering and video broadcast/production/post-production.

And as you might imagine, the need for something like this has only increased during the pandemic. Boxer said customers have found that the platform is saving their employees more than an hour a day by eliminating the commute and giving them high-speed access to their workstations — rather than, say, having to wait an hour for a 100 gigabyte file to download.

And most of those clients anticipate that after the pandemic, their employees will continue to work from home for part of the time.

“So in that scenario, people are bringing their computers back to the office, and they can use Parsec to make sure it’s always accessible to them,” Boxer said.

On the consumer side, he said that where usage was previously heaviest during the weekends, during the pandemic “there’s no spike anymore on the weekends, people are playing all the time.”

Boxer added that the company will continue developing the core platform, leading to improvements for both gaming and enterprise users, while there’s a separate team focused on building administrative and collaborative features.

 

Vista’s $3.5B purchase of Pluralsight signals a maturing edtech market

On Monday, Pluralsight, a Utah-based startup that sells software development courses to enterprises, announced that it has been acquired by Vista for $3.5 billion.

The deal, yet to close, is one of the largest enterprise buys of the year: Vista is getting an online training company that helps retrain techies with in-demand skills through online courses in the midst of a booming edtech market. Additionally, the sector is losing one of its few publicly traded companies just two years after it debuted on the stock market.

Investors and founders told TechCrunch that the Pluralsight acquisition is largely a positive signal that shows the strength of edtech’s capital options as the pandemic continues.

“What’s happening in edtech is that capital markets are liquidating,” said Deborah Quazzo, managing partner of GSV Advisors.

Quazzo, a seed investor in Pluralsight, said the ability to move fluidly between privately held and publicly held companies is a characteristic of tech sectors with deep capital markets, which is different from edtech’s “old days, where the options to exit were very narrow.”

AWS introduces new Chaos Engineering as a Service offering

When large companies like Netflix or Amazon want to test the resilience of their systems, they use chaos engineering tools designed to help them simulate worst-case scenarios and find potential issues before they even happen. Today at AWS re:Invent, Amazon CTO Werner Vogels introduced the company’s Chaos Engineering as a Service offering called AWS Fault Injection Simulator.

The name may lack a certain marketing panache, but Vogels said that the service is designed to help bring this capability to all companies. “We believe that chaos engineering is for everyone, not just shops running at Amazon or Netflix scale. And that’s why today I’m excited to pre-announce a new service built to simplify the process of running chaos experiments in the cloud,” Vogels said.

As he explained, the goal of chaos engineering is to understand how your application responds to issues by injecting failures into your application, usually running these experiments against production systems. AWS Fault Injection Simulator offers a fully managed service to run these experiments on applications running on AWS hardware.

“FIS makes it easy to run safe experiments. We built it to follow the typical chaos experimental workflow where you understand your steady state, set a hypothesis and inject faults into your application. When the experiment is over, FIS will tell you if your hypothesis was confirmed, and you can use the data collected by CloudWatch to decide where you need to make improvements,” he explained.

While the company was announcing the service today, Vogels indicated it won’t actually be available until some time next year.

It’s worth noting that other companies, like Gremlin, already provide a broad Chaos Engineering as a Service offering.

SolarWinds Hack Could Affect 18K Customers

The still-unfolding breach at network management software firm SolarWinds may have resulted in malicious code being pushed to nearly 18,000 customers, the company said in a legal filing on Monday. Meanwhile, Microsoft should soon have some idea which and how many SolarWinds customers were affected, as it recently took possession of a key domain name used by the intruders to control infected systems.

On Dec. 13, SolarWinds acknowledged that hackers had inserted malware into a service that provided software updates for its Orion platform, a suite of products broadly used across the U.S. federal government and Fortune 500 firms to monitor the health of their IT networks.

In a Dec. 14 filing with the U.S. Securities and Exchange Commission (SEC), SolarWinds said roughly 33,000 of its more than 300,000 customers were Orion customers, and that fewer than 18,000 customers may have had an installation of the Orion product that contained the malicious code. SolarWinds said the intrusion also compromised its Microsoft Office 365 accounts.

The initial breach disclosure from SolarWinds came five days after cybersecurity incident response firm FireEye announced it had suffered an intrusion that resulted in the theft of some 300 proprietary software tools the company provides to clients to help secure their IT operations.

On Dec. 13, FireEye published a detailed writeup on the malware infrastructure used in the SolarWinds compromise, presenting evidence that the Orion software was first compromised back in March 2020. FireEye didn’t explicitly say its own intrusion was the result of the SolarWinds hack, but the company confirmed as much to KrebsOnSecurity earlier today.

Also on Dec. 13, news broke that the SolarWinds hack resulted in attackers reading the email communications at the U.S. Treasury and Commerce departments.

On Dec. 14, Reuters reported the SolarWinds intrusion also had been used to infiltrate computer networks at the U.S. Department of Homeland Security (DHS). That disclosure came less than 24 hours after DHS’s Cybersecurity and Infrastructure Security Agency (CISA) took the unusual step of issuing an emergency directive ordering all federal agencies to immediately disconnect the affected Orion products from their networks.

ANALYSIS

Security experts have been speculating as to the extent of the damage from the SolarWinds hack, combing through details in the FireEye analysis and elsewhere for clues about how many other organizations may have been hit.

And it seems that Microsoft may now be in perhaps the best position to take stock of the carnage. That’s because sometime on Dec. 14, the software giant took control over a key domain name — avsvmcloud[.]com — that was used by the SolarWinds hackers to communicate with systems compromised by the backdoored Orion product updates.



Armed with that access, Microsoft should be able to tell which organizations have IT systems that are still trying to ping the malicious domain. However, because many Internet service providers and affected companies are already blocking systems from accessing that malicious control domain or have disconnected the vulnerable Orion services, Microsoft’s visibility may be somewhat limited.

Microsoft has a long history of working with federal investigators and the U.S. courts to seize control over domains involved in global malware menaces, particularly when those sites are being used primarily to attack Microsoft Windows customers.

Microsoft dodged direct questions about its visibility into the malware control domain, suggesting those queries would be better put to FireEye or GoDaddy (the current domain registrar for the malware control server). But in a response on Twitter, Microsoft spokesperson Jeff Jones seemed to confirm that control of the malicious domain had changed hands.

“We worked closely with FireEye, Microsoft and others to help keep the internet safe and secure,” GoDaddy said in a written statement. “Due to an ongoing investigation and our customer privacy policy, we can’t comment further at this time.”

FireEye declined to answer questions about exactly when it learned of its own intrusion via the Orion compromise, or approximately when attackers first started offloading sensitive tools from FireEye’s network. But the question is an interesting one because its answer may speak to the motivations and priorities of the hackers.

Based on the timeline known so far, the perpetrators of this elaborate hack would have had a fairly good idea back in March which of SolarWinds’ 18,000 Orion customers were worth targeting, and perhaps even in what order.

Alan Paller, director of research for the SANS Institute, a security education and training company based in Maryland, said the attackers likely chose to prioritize their targets based on some calculation of risk versus reward.

Paller said the bad guys probably sought to balance the perceived strategic value of compromising each target with the relative likelihood that exploiting them might result in the entire operation being found out and dismantled.

“The way this probably played out is the guy running the cybercrime team asked his people to build a spreadsheet where they ranked targets by the value of what they could get from each victim,” Paller said. “And then next to that they likely put a score for how good the malware hunters are at the targets, and said let’s first go after the highest priority ones that have a hunter score of less than a certain amount.”

The breach at SolarWinds could well turn into an existential event for the company, depending on how customers react and how SolarWinds is able to weather the lawsuits that will almost certainly ensue.

“The lawsuits are coming, and I hope they have a good general counsel,” said James Lewis, senior vice president at the Center for Strategic and International Studies. “Now that the government is telling people to turn off [the SolarWinds] software, the question is will anyone turn it back on?”

According to its SEC filing, total revenue from the Orion products across all customers — including those who may have had an installation of the Orion products that contained the malicious update — was approximately $343 million, or roughly 45 percent of the firm’s total revenue. SolarWinds’ stock price has fallen 25 percent since news of the breach first broke.

Some of the legal and regulatory fallout may hinge on what SolarWinds knew or should have known about the incident, when, and how it responded. For example, Vinoth Kumar, a cybersecurity “bug hunter” who has earned cash bounties and recognition from multiple companies for reporting security flaws in their products and services, posted on Twitter that he notified SolarWinds in November 2019 that the company’s software download website was protected by a simple password that was published in the clear on SolarWinds’ code repository at GitHub.

Andrew Morris, founder of the security firm GreyNoise Intelligence, said that as of Tuesday evening SolarWinds still hadn’t removed the compromised Orion software updates from its distribution server.

Another open question is how or whether the incoming U.S. Congress and presidential administration will react to this apparently broad cybersecurity event. CSIS’s Lewis says he doubts lawmakers will be able to agree on any legislative response, but he said it’s likely the Biden administration will do something.

“It will be a good new focus for DHS, and the administration can issue an executive order that says federal agencies with regulatory authority need to manage these things better,” Lewis said. “But whoever did this couldn’t have picked a better time to cause a problem, because their timing almost guarantees a fumbled U.S. response.”

Vista acquires IT education platform Pluralsight for $3.5B

The hectic M&A cycle we have seen throughout 2020 continued this weekend when Vista Equity Partners announced it was acquiring Pluralsight for $3.5 billion.

That comes out to $20.26 per share. The company stock closed on Friday at $18.50 per share on a market cap of over $2.7 billion.

With Pluralsight, Vista gets an online training company that helps educate IT professionals, including developers, operations, data and security, with a suite of online courses. As the pandemic has taken hold, it has breathed new life into edtech, but even before that, there was a market for upskilling IT Pros online.

This trend certainly didn’t escape Monti Saroya, co-head of the Vista Flagship Fund and senior managing director at Vista. “We have seen firsthand that the demand for skilled software engineers continues to outstrip supply, and we expect this trend to persist as we move into a hybrid online-offline world across all industries and interactions, with business leaders recognizing that technological innovation is critical to business success,” he said in a statement.

As is typical for acquired companies, Pluralsight CEO Aaron Skonnard sees this as a way to grow the company more quickly. “The global Vista ecosystem of leading enterprise software companies provides significant resources and institutional knowledge that will open doors and help fuel our growth. We’re thrilled that we will be able to leverage Vista’s expertise to further strengthen our market leading position,” Skonnard said in a statement.

In a 2017 interview with TechCrunch’s Sarah Buhr, Skonnard described the company as an enterprise SaaS learning platform. It goes beyond simply offering the courses by giving professionals in a given category such as developer or IT operations the ability to measure their skills and abilities against other pros in that category. He saw this assessment capability as a big differentiator.

“Our platform is ultimately focused on closing the technology skills gap throughout the world,” Skonnard told Buhr.

Pluralsight, which was founded in 2004, raised more than $190 million before going public in 2018. The company has 1,700 employees and more than 17,000 customers. The acquisition is subject to standard regulatory oversight, but is expected to close in the first half of next year. Once that happens, the company will go private once again.

German Bionic raises $20M led by Samsung for exoskeleton tech to supercharge human labor

Exoskeleton technology has been one of the more interesting developments in the world of robotics: Instead of building machines that replace humans altogether, build hardware that humans can wear to supercharge their abilities. Today, German Bionic, one of the startups designing exoskeletons specifically aimed at industrial and physical applications — it describes its Cray X robot as “the world’s first connected exoskeleton for industrial use,” that is, to help people lifting and working with heavy objects, providing more power, precision and safety — is announcing a funding round that underscores the opportunity ahead.

The Augsburg, Germany-based company has raised $20 million, funding that it plans to use to continue building out its business, as well as its technology, both in terms of the hardware and the cloud-based software platform, German Bionic IO, that works with the exoskeletons to optimize them and help them “learn” to work better.

The Cray X currently can compensate up to 30 kg for each lifting movement, the company says.

“With our groundbreaking robotic technology that combines human work with the industrial Internet of Things (IIoT), we literally strengthen the shop floor workers’ backs in an immediate and sustainable way. Measurable data underscores that this ultimately increases productivity and the efficiency of the work done,” says Armin G. Schmidt, CEO of German Bionic, in a statement. “The market for smart human-machine systems is huge and we are now perfectly positioned to take a major share and substantially improve numerous working lives.”

The Series A is being co-led by Samsung Catalyst Fund, a strategic investment arm from the hardware giant, and German investor MIG AG, one of the original backers of BioNTech, the breakthrough company that’s developed the first COVID-19 vaccine to be rolled out globally.

Storm Ventures, Benhamou Global Ventures (founded and led by Eric Benhamou, who was the founding CEO of Palm and before that the CEO of 3Com) and IT Farm also participated. Previously, German Bionic had only raised $3.5 million in seed funding (with IT Farm, Atlantic Labs and individual investors participating).

German Bionic’s rise comes at an interesting moment in terms of how automation and cloud technology are sweeping the world of work. When people talk about the next generation of industrial work, the focus is usually on more automation and the rise of robots to replace humans in different stages of production.

But at the same time, some robotics technologists have worked on another idea. Because we’re probably still a long way away from being able to make robots that are just like humans, but better in terms of cognition and all movements, instead, create hardware that doesn’t replace, but augments, live laborers, to help make them stronger while still being able to retain the reliable and fine-tuned expertise of those humans.

The argument for more automation in industrial settings has taken on a more pointed urgency in recent times, with the rise of the COVID-19 health pandemic: Factories have been one of the focus points for outbreaks, and the tendency has been to reduce physical contact and proximity to reduce the spread of the virus.

Exoskeletons don’t really address that aspect of COVID-19 — even if you might require less of them as a result of using exoskeletons, you still require humans to wear them, after all — but the general focus that automation has had has brought more attention to the opportunity of using them.

And in any case, even putting the pandemic to one side, we are still a long way away from cost-effective robots that completely replace humans in all situations. So, as we roll out vaccinations and develop a better understanding of how the virus operates, this still means a strong market for the exoskeleton concept, which analysts (quoted by German Bionic) predict could be worth as much as $20 billion by 2030.

In that context, it’s interesting to consider Samsung as an investor: The company itself, as one of the world’s leading consumer electronics and industrial electronics providers, is a manufacturing powerhouse in its own right. But it also makes equipment for others to use in their industrial work, both as a direct brand and through subsidiaries like Harman. It’s not clear which of these use cases interests Samsung: whether to use the Cray X in its own manufacturing and logistics work, or whether to become a strategic partner in manufacturing these for others. It could easily be both.

“We are pleased to support German Bionic in its continued development of world-leading exoskeleton technology,” says Young Sohn, corporate president and chief strategy officer for Samsung Electronics and chairman of the board, Harman, in a statement. “Exoskeleton technologies have great promise in enhancing human’s health, wellbeing and productivity. We believe that it can be a transformative technology with mass market potential.”

German Bionic describes its Cray X as a “self-learning power suit” aimed primarily at reinforcing lifting movements and to safeguard the wearer from making bad calls that could cause injuries. That could apply both to those in factories, or those in warehouses, or even sole trader mechanics working in your local garage. The company is not disclosing a list of customers, except to note that it includes, in the words of a spokesperson, “a big logistics player, industrial producers and infrastructure hubs.” One of these, the Stuttgart Airport, is highlighted on its site.  

“Previously, efficiency gains and health promotion in manual labor were often at odds with one another. German Bionic Systems managed to not only break through this paradigm, but also to make manual labor a part of the digital transformation and elegantly integrate it into the smart factory,” says Michael Motschmann, managing partner with MIG in a statement. “We see immense potential with the company and are particularly happy to be working together with a first-class team of experienced entrepreneurs and engineers.”

Exoskeletons as a concept have been around for over a decade already — MIT developed its first exoskeleton, aimed at helping soldiers carrying heavy loads, back in 2007 — but advancements in cloud computing, smaller processors for the hardware itself and artificial intelligence have really opened up the idea of where and how these might augment humans. In addition to industry, some of the other applications have included helping people with knee injuries (or looking to avoid knee injuries!) ski better, and for medical purposes, although the recent pandemic has put a strain on some of these use cases, leading to indefinite pauses in production.

iCIMS acquires video recruiting startup Altru for $60M

Enterprise recruiting company iCIMS is announcing that it has acquired Altru.

iCIMS declined to comment on the terms of the deal, but a source with knowledge of the companies told us that the price is a combination of cash and stock, totaling around $60 million.

Founded in 2000, iCIMS offers a “talent cloud” used by more than 4,000 employers to attract, engage and hire new employees, and to help existing employees continue to develop their careers.

Former Marketo chief executive Steve Lucas became CEO in February, and he told me that the recruiting world is overdue for reinvention. After all, every company says they want to hire the most talented people around, so he wondered, “Well, okay, if you want that, why do you create such boring content? Why do you take a job that is exciting and should demand amazing human beings and create this super boring job description?”

Lucas sees video as a key piece of the solution, allowing companies to bring more “authenticity” to what can be a stuffy and bureaucratic process. Just over a month ago, iCIMS announced another acquisition in this area — Paris-based Easyrecrue.

Lucas said that while Easyrecrue has created tools to enrich video interviews, Altru can be most helpful earlier in the recruiting process, when companies are trying to stay connected with the most promising candidates and get them excited about a potential job.

Altru CEO Alykhan Rehmatullah (who founded the startup with CTO Vincent Polidoro — they’re both pictured above) told me that while the company started out with a focus on recording and sharing employee videos for recruitment, its asynchronous videos are becoming used more broadly across companies. He suggested that’s particularly true this year, while teams are working from home and everyone’s looking for ways to communicate that are more expressive than Slack and don’t require putting “another 30-minute Zoom call on your calendar.”

In fact, Lucas said that before talking to me, he’d actually been recording videos on Altru to explain the acquisition to his own team. He praised the platform’s ease of use, joking, “If I can use this thing, anybody can use it.”

Rehmatullah said the entire Altru team will be joining iCIMS, where he’ll become vice president of content strategy. The goal is to continue operating Altru as a standalone product while also finding new ways to integrate it into the iCIMS platform.

Altru previously raised a total of $1.3 million from Birchmere Ventures, Active Capital and Techstars.