This Week Health
June 17, 2024

UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion | Google Cloud Blog

cloud.google.com | Contributed by: Drex DeFord
Summary
Mandiant has detected a threat campaign, UNC5537, targeting Snowflake database instances for data theft and extortion. Rather than breaching Snowflake's enterprise environment, the attackers used compromised customer credentials, often obtained through infostealer malware, to access affected accounts and exfiltrate significant volumes of data. The compromised accounts lacked multi-factor authentication and had credentials that had not been updated in years. Mandiant has identified hundreds of affected organizations and, in collaboration with Snowflake, has been notifying potential victims while coordinating with law enforcement. The threat group has used various infostealer malware variants and stored stolen data across several VPS providers and MEGA for further extortion and sale on cybercriminal forums. The campaign highlights crucial gaps in credential security practices and the importance of enabling multi-factor authentication and limiting access to trusted locations.
