Snowflake customers not using MFA are not unique – over 165 of them have been compromised

  • 📰 TheRegister

Mandiant warns criminal gang UNC5537, which may be friendly with Scattered Spider, is on the rampage

An unknown financially motivated crime crew has swiped a "significant volume of records" from Snowflake customers' databases using stolen credentials, according to Mandiant.

About a month later, after uncovering "multiple" Snowflake customer compromises, Mandiant contacted the cloud biz and the two began notifying affected organizations. By May 24 the criminals had begun selling the stolen data online, and on May 30 Snowflake issued its

UNC5537 has used both .NET and Java versions of this tool to perform reconnaissance against targeted Snowflake customers, allowing the gang to identify users, their roles, and IP addresses.

Second, the attackers used valid credentials, "hundreds" of which were stolen thanks to infostealer infections – some as far back as 2020. Common variants used included VIDAR, RISEPRO, REDLINE, RACOON STEALER, LUMMA and METASTEALER. But even in these years-old thefts, the credentials had not been updated or rotated.
