Snowflake Attacks Mandiant Links Data Breaches to Infostealer Infections

According to Mandiant, a financially motivated threat actor tracked as UNC5537 has compromised hundreds of Snowflake instances using customer credentials stolen via infostealer malware that infected non-Snowflake owned systems. The credentials used in the Snowflake campaign were stolen using malware such as Lumma, Meta, Racoon Stealer, Redline, Risepro, and Vidar. In some instances, contractor systems also used for personal activities were infected with infostealers. In addition to lacking MFA and using long-exposed credentials that had not been rotated, the compromised Snowflake instances also lacked network allow lists. Approximately 80% of the accounts had prior credential exposure.

Snowflake Attacks Mandiant Links Data Breaches to Infostealer Infections

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address

Snowflake Attacks Mandiant Links Data Breaches to Infostealer Infections

10-June-24

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

INDIA | Chennai

INDIA | Kochi

INDIA | Thane

UK | London

USA | New York

KUWAIT

SRI LANKA

Address