- A threat actor using the handle "Zestix" (aka Sentap) is auctioning data stolen from 50 global companies, including Deloitte, KPMG, Samsung and Pickett & Associates.
- None of the victims enforced MFA, and each had at least one device infected by infostealer malware such as RedLine, Lumma or Vidar, which harvested the credentials.
- Poor password hygiene and years-old logins enabled large-scale exfiltration; Pickett & Associates alone reportedly lost around 139 GB of sensitive files.
Someone is auctioning off a large array of highly sensitive data, collected from 50 global companies, on the dark web. Among the victims are some real heavyweights, such as Pickett & Associates, Deloitte, KPMG and Samsung.
The news comes from Israeli cybersecurity startup Hudson Rock, which recently published an in-depth report on a hacking campaign led by a hacker under the pseudonym Zestix (AKA Sentap).
According to the report, all the victims had one thing in common: they did not enforce multi-factor authentication (MFA), so their enterprise cloud instances of ShareFile, OwnCloud and Nextcloud could be accessed with nothing more than a password.
Stolen old passwords
Another thing all victims had in common was the fact that at least one of their devices was compromised by information-stealing malware – RedLine, Lumma or Vidar.
It is unclear how the devices were infected, but what matters is that Zestix was able to use the harvested credentials to log in to those cloud instances and exfiltrate data. In some cases the passwords were several years old, which means the victim organizations had never rotated them since the infection that captured them, a sign of poor password practices.
“When an employee logs into company portals, they assume their password is sufficient. However, Zestix relies on the widespread distribution of infostealer malware to infect personal or corporate devices,” Hudson Rock explained.
“A crucial finding of this investigation is the latency of the threat. While some credentials were recovered from recently infected machines, others had sat in the logs for years, waiting for an actor like Zestix to exploit them. This highlights a widespread failure in credential hygiene; passwords were not rotated and sessions were never invalidated, turning a years-old infection into a current disaster.”
The report does not give an overall figure, but given the number of large companies affected, the haul is likely to be substantial. Pickett & Associates alone, whose breach was reported earlier this week, apparently lost around 139 GB of sensitive files.
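The credential latency Hudson Rock describes can be turned into a concrete triage step: join whatever stealer-log entries name your domains against a directory export, and flag every account whose password was last set on or before the capture date, because that password is still the one sitting in the log. The Python below is an added example, not code from Hudson Rock, TechRadar or the report; the stealer-log line layout, the directory fields (password_last_set, mfa_enforced), the domain example.com and every sample row are constructed for illustration.

```python
"""Triage infostealer-log credentials against a directory export.

Added example (not from the Hudson Rock report or the article). The stealer-log
line format, the directory fields and all sample data below are constructed
for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date
from urllib.parse import urlparse

# Constructed sample of exfiltrated credentials, one per line as
# "url|username|password|captured_on" (this layout is an assumption,
# not a real stealer-log format).
STEALER_LOG = """\
https://files.example.com/login|alice@example.com|Winter2021!|2021-03-14
https://cloud.example.com/index.php/login|bob@example.com|hunter2|2024-11-02
https://mail.otherco.test/owa|carol@otherco.test|P@ssw0rd|2023-06-30
https://files.example.com/login|dave@example.com|Summer2022|2022-08-19
"""

# Constructed directory export: last password change and MFA state per account
# (field names assumed for illustration).
DIRECTORY = {
    "alice@example.com": {"password_last_set": date(2020, 1, 10), "mfa_enforced": False},
    "bob@example.com": {"password_last_set": date(2025, 1, 15), "mfa_enforced": False},
    "dave@example.com": {"password_last_set": date(2022, 1, 5), "mfa_enforced": True},
}

WATCHED_DOMAINS = {"example.com"}
SEVERITY_ORDER = {"critical": 0, "high": 1, "review": 2}


@dataclass(frozen=True)
class Finding:
    username: str
    host: str
    captured_on: date
    days_exposed: int
    password_still_valid: bool  # no rotation since the capture date
    mfa_enforced: bool

    @property
    def severity(self) -> str:
        if self.password_still_valid and not self.mfa_enforced:
            return "critical"  # the stolen password alone still logs in
        if self.password_still_valid:
            return "high"  # MFA blunts it, but the secret is burned
        return "review"  # rotated after capture; still revoke sessions and tokens


def parse_stealer_log(text: str) -> list[tuple[str, str, date]]:
    """Return (username, host, captured_on) tuples; the password is dropped on purpose."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        url, user, _password, captured = line.split("|")
        rows.append((user.strip().lower(), urlparse(url).hostname or "", date.fromisoformat(captured)))
    return rows


def triage(log_text: str, directory: dict, watched: set[str], as_of: date) -> list[Finding]:
    """Flag every watched-domain credential whose password predates the capture."""
    findings = []
    for user, host, captured_on in parse_stealer_log(log_text):
        if user.rsplit("@", 1)[-1] not in watched:
            continue  # someone else's breach
        account = directory.get(user)
        if account is None:
            continue  # unknown to the directory (departed user, alias, shadow IT); handle separately
        findings.append(Finding(
            username=user,
            host=host,
            captured_on=captured_on,
            days_exposed=(as_of - captured_on).days,
            # A rotation on or before the capture date does not help: the stealer
            # took whatever password was current at that moment.
            password_still_valid=account["password_last_set"] <= captured_on,
            mfa_enforced=account["mfa_enforced"],
        ))
    findings.sort(key=lambda f: (SEVERITY_ORDER[f.severity], f.username))
    return findings


if __name__ == "__main__":
    for f in triage(STEALER_LOG, DIRECTORY, WATCHED_DOMAINS, as_of=date(2025, 6, 1)):
        print(f"{f.severity:8} {f.username:20} {f.host:28} captured {f.captured_on} "
              f"({f.days_exposed} days ago) rotated_since={not f.password_still_valid} mfa={f.mfa_enforced}")
```

Run as a script it prints the ranked list: an unrotated password with no MFA is critical, an unrotated one behind MFA is high, and an account rotated after the capture date stays on the list as a review item, since rotation alone does nothing about sessions or tokens that were never invalidated. Passwords are parsed and discarded; the triage output should never become a second copy of the stealer log.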
Via The Register