
In the realm of modern cloud computing, where hybrid technology infrastructure is the norm, security threats are an ever-present concern. Recently, customers of the IT services provider Snowflake have found themselves in the crosshairs of cyber attackers.
On June 10, Mandiant, a security company owned by Google, reported that customer instances on the Snowflake cloud were being targeted for attacks using leaked login credentials. The attacks are currently concentrated solely on customer accounts and not on the Snowflake service itself, which offers a number of hosted cloud and data management services.
Mandiant has filed these attacks under the banner of UNC5537, a financially motivated threat actor suspected of stealing a significant volume of records from Snowflake customer environments. UNC5537 is systematically compromising Snowflake customer instances using stolen customer credentials, advertising victim data for sale on cybercrime forums, and attempting to extort many of the victims.
Interestingly, the Mandiant team did not connect these attacks with the recently reported breach of Snowflake by the hacking crew ShinyHunters. The hackers claim to possess hundreds of millions of credentials, though Snowflake maintains that the breached system was a test environment used by a former employee. As a result of that attack, Ticketmaster and Santander Bank reported data breaches to their customers.
The UNC5537 operation dates back to at least 2020, and Mandiant estimates that at least 165 organizations are at risk of attack. The attackers are believed to be using info-stealing malware to harvest user login credentials. Those stolen accounts are, in turn, used to access the victims' Snowflake instances and exfiltrate further data, either to sell on the dark web or to extort the victims for a ransom.
In light of these attacks, Mandiant advises Snowflake customers to enable two-factor authentication on their instances, noting that every breach it observed involved a customer account that did not have this feature enabled. This incident serves as a stark reminder of the importance of robust security measures in the era of cloud computing.
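The attacks described above hinge on accounts that accept a stolen password with no second factor. The query below is an added example written for this article, not a Mandiant or Snowflake artifact; it lists active users who lack MFA and have recently authenticated with a password alone, using the `SNOWFLAKE.ACCOUNT_USAGE` views. It assumes a role with access to that shared database (for example ACCOUNTADMIN) and a 30-day review window.

```sql
-- Added example: surface Snowflake users who are exposed to credential-stuffing
-- because they can log in with a password and have no MFA enrolment.
-- Assumes ACCOUNTADMIN (or IMPORTED PRIVILEGES on the SNOWFLAKE database).
-- Note: ACCOUNT_USAGE views are not real time; LOGIN_HISTORY can lag by up to ~2 hours.
WITH password_only_logins AS (
    SELECT
        user_name,
        COUNT(*)                  AS password_logins,
        COUNT(DISTINCT client_ip) AS distinct_source_ips,   -- many IPs for one user is worth a look
        MAX(event_timestamp)      AS last_password_login
    FROM snowflake.account_usage.login_history
    WHERE event_timestamp >= DATEADD('day', -30, CURRENT_TIMESTAMP())
      AND is_success = 'YES'
      AND first_authentication_factor = 'PASSWORD'        -- not key pair, OAuth or SAML
      AND second_authentication_factor IS NULL            -- no MFA challenge was satisfied
    GROUP BY user_name
)
SELECT
    u.name,
    u.login_name,
    u.email,
    u.has_mfa,
    u.password_last_set_time,
    p.password_logins,
    p.distinct_source_ips,
    p.last_password_login
FROM snowflake.account_usage.users AS u
JOIN password_only_logins AS p
  ON p.user_name = u.name
WHERE u.deleted_on IS NULL
  AND u.disabled = FALSE
  AND COALESCE(u.has_mfa, FALSE) = FALSE
ORDER BY p.distinct_source_ips DESC, p.password_logins DESC;
```

Every row is an account that would have been fully exposed in the scenario above; the first remediation step for each is MFA enrolment, and a user whose password logins arrive from an unusually large set of source addresses also warrants a password reset and a review of its recent query history.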