June 11, 2024 at 03:21AM
As many as 165 Snowflake customers may have had their data exposed in a data theft and extortion campaign attributed to a threat actor that Mandiant tracks as UNC5537. The group is believed to operate under various aliases, to target organizations worldwide, and to collaborate with a party based in Turkey. Snowflake is taking measures to strengthen customer security.
Based on the meeting notes, it is clear that Snowflake has been the target of a significant data theft and extortion campaign. As many as 165 customers may have had their information exposed, with the threat actor utilizing stolen customer credentials to compromise Snowflake instances. The campaign involves advertising victim data for sale on cybercrime forums and attempting to extort many of the victims. The threat actor, known as UNC5537, is financially motivated and operates under various aliases on Telegram channels and cybercrime forums.
The hacking group is believed to be based in North America and to collaborate with at least one additional party based in Turkey. It has targeted hundreds of organizations worldwide and frequently extorts victims for financial gain. The campaign has resulted in the emergence of new stealer variants such as AsukaStealer, Cuckoo, Iluria, k1w1, SamsStealer, and Seidr, which are offered for sale to other criminal actors.
Mandiant, assisted by Google, is tracking the activity cluster and has highlighted the necessity for security controls such as multi-factor authentication (MFA) and network policies to mitigate the attacks. It is also noted that the attacks succeeded because of a lack of multi-factor authentication, credentials that were not rotated periodically, and missing checks to ensure that access is allowed only from trusted locations.
The report indicates that the campaign serves to underscore the increasing demand for information stealers and the pervasive threat they pose to organizations. It also highlights the collaboration and sharing of infrastructure among threat actors to achieve their goals.
Overall, the meeting notes provide crucial insights into the ongoing data theft and extortion campaign targeting Snowflake and its customers, while also emphasizing the importance of implementing advanced security measures to mitigate such attacks in the future.