Over 165 Snowflake customers didn't use MFA, says Mandiant
The Register
|
Contributed by: Sarah Richardson
Summary
A financially motivated crime group known as UNC5537 has infiltrated Snowflake customer databases using stolen credentials, according to an investigation by Mandiant. Around 165 organizations may be affected, with the intruders potentially linked to the group responsible for the 2023 Las Vegas casino breaches. The attacks, which began in mid-April 2023, exploited compromised customer credentials, often obtained via malware, and bypassed lack of multi-factor authentication (MFA) and network allow-lists. Stolen data has been sold online, and tools like the reconnaissance utility "FROSTBITE" and the DBeaver database management utility facilitated these breaches. Mandiant emphasizes that no breach occurred in Snowflake's own systems but highlights the vulnerabilities stemming from shared access through contractor systems and unprotected accounts.
