https://www.hudsonrock.com/blog/snowflake-massive-breach-access-through-infostealer-infection

Snowflake, Cloud Storage Giant, Suffers Massive Breach: Hacker Confirms to Hudson Rock Access Through Infostealer Infection

May 31, 2024

Background

In this research, we aim to shed light on one of the largest data breaches to date. By communicating directly with the threat actor behind the massive data breach of cloud storage giant Snowflake, we gained unprecedented insight into the devastating impact of Infostealer infections.

The story begins on May 26th, in a Telegram conversation with a threat actor claiming to have hacked two major companies, Ticketmaster and Santander Bank. The data from these companies was put up for sale on the Russian-speaking cybercrime forum exploit[.]in. Database samples provided by the threat actor led Hudson Rock researchers to believe that the data is genuine.

[Image: Santander bank data offered for sale on exploit.in]

In the conversation with Hudson Rock, the threat actor reveals that there is much more to the story than these two breaches, and that additional major companies suffered a similar fate, allegedly including many of Snowflake's customers, which can be found on their website: https://www.snowflake.com/en/customers/all-customers/

Further explaining the source of the hack, the threat actor adds that all of these breaches stem from the hack of a single vendor -- Snowflake.
To understand how the hack was carried out, the threat actor explains that they were able to sign into a Snowflake employee's ServiceNow account using stolen credentials, thus bypassing OKTA, which is located on lift.snowflake.com. Following the infiltration, the threat actor claims that they were able to generate session tokens, which enabled them to exfiltrate massive amounts of data from the company.

[Image: Method used to hack Snowflake as shared by the threat actor]

To put it bluntly, a single credential resulted in the exfiltration of data from potentially hundreds of companies that stored their data using Snowflake, with the threat actor himself suggesting 400 companies are impacted.

The goal of the threat actor, as in most cases, was to blackmail Snowflake into buying their own data back for $20,000,000. However, it seems the company was not responsive.

Further evidence of the hack includes a CSV file that the threat actor shared with Hudson Rock's researchers, which shows the depth of their access to Snowflake servers. This file documents over 2,000 customer instances relating to Snowflake's Europe servers.

[Image: Screenshot of "snowflake_eu-orgadmin.csv" shared with Hudson Rock researchers]

One credential to rule them all

Going over the data found in the CSV file, Hudson Rock researchers identified a Snowflake employee who was infected by a Lumma-type Infostealer on October 5th, 2023. Along with other sensitive credentials to Snowflake's infrastructure, this employee's login details (adelou) to a specific server (https://sfseeurope-demo_adelou.snowflakecomputing.com) were also compromised.

When asked about the specific credentials used to carry out the hack, the threat actor confirmed to Hudson Rock researchers that these are indeed the same credentials they used, and shared our sentiment about the absolute ease with which this gigantic hack could have been prevented.
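The chain described above (a stealer log that contains a corporate credential, a password never rotated after the infection date, and session tokens minted from it) is what a defender has to triage the moment such a log surfaces. The following is an added example, not Hudson Rock's tooling or data: it walks constructed stealer-log records, keeps only those for corporate domains (the page's lift.snowflake.com and *.snowflakecomputing.com; the ServiceNow domain is an assumed placeholder), and decides per account whether to rotate the password, revoke sessions and enforce MFA by comparing the infection date with the last password change.

```python
from dataclasses import dataclass
from datetime import date
from urllib.parse import urlparse

# Corporate asset domains: the page names lift.snowflake.com (Okta) and *.snowflakecomputing.com; service-now.com is an assumed placeholder.
CORPORATE_DOMAINS = ("snowflakecomputing.com", "lift.snowflake.com", "service-now.com")

@dataclass(frozen=True)
class StolenCredential:
    infected_at: date  # date the stealer log was produced on the victim machine
    url: str           # login URL the browser had saved alongside the password
    username: str

@dataclass(frozen=True)
class AccountState:
    username: str
    last_password_change: "date | None"  # None means never rotated
    mfa_enforced: bool

def is_corporate_host(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in CORPORATE_DOMAINS)

def triage(creds, accounts):
    # Returns (username, url, actions) for every corporate credential that is still usable.
    state = {a.username: a for a in accounts}
    findings = []
    for c in creds:
        if not is_corporate_host(c.url):
            continue  # consumer sites are outside the corporate response
        acct = state.get(c.username, AccountState(c.username, None, False))  # unknown account: assume worst case
        rotated = acct.last_password_change is not None and acct.last_password_change > c.infected_at
        if rotated and acct.mfa_enforced:
            continue  # rotated after infection and MFA in place: nothing to do
        actions = ["revoke active sessions"]  # tokens minted before rotation may still be live
        if not rotated:
            actions.insert(0, "rotate password")
        if not acct.mfa_enforced:
            actions.append("enforce MFA")
        findings.append((c.username, c.url, "; ".join(actions)))
    return findings

# Constructed sample: the adelou row mirrors the page's stealer-log finding; the jdoe row
# and both account states are made up for the demonstration.
SAMPLE_CREDS = [
    StolenCredential(date(2023, 10, 5), "https://sfseeurope-demo_adelou.snowflakecomputing.com", "adelou"),
    StolenCredential(date(2023, 10, 5), "https://corp.service-now.com/login.do", "jdoe"),
]
SAMPLE_ACCOUNTS = [AccountState("adelou", None, False), AccountState("jdoe", date(2024, 1, 15), True)]
```

Running `triage(SAMPLE_CREDS, SAMPLE_ACCOUNTS)` flags only adelou, because jdoe's password was changed after the infection and MFA is enforced; with an empty account list every corporate credential is flagged for the full set of actions.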
It is still undetermined what other companies were impacted by the hack. We expect that this information will be revealed slowly and over time, as negotiations with the impacted companies are still ongoing. On May 31st, Snowflake released a statement in which they claim they are investigating industry-wide identity-based attacks that have impacted "some" of their customers.

Hudson Rock will follow up with updates relating to this hack.

Info-stealer infections as a cybercrime trend have surged by an incredible 6000% since 2018, positioning them as the primary initial attack vector used by threat actors to infiltrate organizations and execute cyberattacks, including ransomware, data breaches, account takeovers, and corporate espionage.

To learn more about how Hudson Rock protects companies from imminent intrusions caused by info-stealer infections of employees, partners, and users, as well as how we enrich existing cybersecurity solutions with our cybercrime intelligence API, please schedule a call with us here: https://www.hudsonrock.com/schedule-demo

We also provide access to various free cybercrime intelligence tools that you can find here: www.hudsonrock.com/free-tools

Thanks for reading, Rock Hudson Rock!

Follow us on LinkedIn: https://www.linkedin.com/company/hudson-rock
Follow us on Twitter: https://www.twitter.com/RockHudsonRock