A cybercriminal group known as UNC5537 has targeted Snowflake customer database instances, resulting in significant data theft and extortion. Mandiant's investigations revealed that UNC5537 accessed multiple Snowflake instances using stolen credentials from various infostealer malware campaigns. The attacks have affected 165 organizations, including Ticketmaster, whose data was accessed through a contractor named EPAM Systems. EPAM has workers in Belarus, Ukraine, and Russia, with the breach reportedly occurring through an EPAM worker in Ukraine. Hackers from the group ShinyHunters claim to have stolen data of 560 million Ticketmaster users through this breach. Mandiant has released a threat-hunting guide to help defenders mitigate such attacks.
🚨HACKERS STEAL DATA OF 560 MILLION TICKETMASTER USERS THROUGH SNOWFLAKE Hackers from ShinyHunters claim they stole data from Ticketmaster’s Snowflake account by breaching EPAM Systems, a third-party contractor. They allegedly accessed an EPAM worker’s computer infected with… https://t.co/Bg7Bqby5Rx
🚨 #Snowflake customer database instances are being targeted for data theft and extortion. To help defenders, we've released our Snowflake #threathunting guide ➡️ https://t.co/HfqrTaaY6g Read our blog post for findings on this campaign: https://t.co/tC6j9xMNTd #Mandiant https://t.co/clYwin1laD
Update on Snowflake Cyber Threat https://t.co/VTsMXSz2Qd #Cybersecurity #Cloud #ConsumerProtection @magcybersec https://t.co/lDvLT5I46b
Hackers who stole Ticketmaster data from Snowflake account appear to have accessed data through a contractor named EPAM Systems. EPAM has workers in Belarus, Ukraine and, before war, Russia. Hacker told me they breached an EPAM worker in Ukraine. https://t.co/2c6mOHsBoy
Update on Snowflake Cyber Threat https://t.co/VTsMXSz2Qd #Cybersecurity #Cloud #ConsumerProtection @RobinsonCole https://t.co/QnPCHtF2uI
Snowflake Customers Hit With ‘Significant’ Data Theft In Attacks: Mandiant: https://t.co/koOqj5imtY A cybercriminal group is suspected to have stolen data from 165 organizations, @Mandiant says.
🔎 Take a closer look at UNC5537's targeting of Snowflake customer database instances. Our investigations reveal UNC5537 accessed multiple #Snowflake instances using stolen credentials from various infostealer #malware campaigns. Read more: https://t.co/ORJvPYHQYM https://t.co/K3533eKRAX