UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion

June 12, 2024, 11:03 a.m.

Description

An extensive cybercriminal campaign led by a threat actor codenamed UNC5537 has compromised numerous Snowflake customer database instances with the intent of data theft and extortion. The threat actor exploited stolen customer credentials, predominantly obtained through infostealer malware infections dating back to 2020, to gain unauthorized access to Snowflake instances lacking multi-factor authentication and network-level restrictions. UNC5537 systematically exfiltrated valuable data and subsequently attempted to extort victims or advertise the stolen data on cybercrime forums for sale. This campaign highlights the consequences of credential theft, inadequate authentication measures, and the need for enhanced security practices.

Date

Published: June 12, 2024, 10:34 a.m.

Created: June 12, 2024, 10:34 a.m.

Modified: June 12, 2024, 11:03 a.m.

Indicators

Attack Patterns

TrojanSpy:MSIL/RacoonStealer

FROSTBITE

Lumma Stealer

MetaStealer

RedLine Stealer

Vidar

RisePro

UNC5537

T1562.008

T1557.002

T1110.002

T1213.002

T1557.001

T1589.001

T1136.001

T1537

T1482

T1059.005

T1059.001

T1199

T1059.002

T1592