❓

Unknown

Tags

Attribution

Unknown

Incidents

Jupyter Notebook cred harvesting campaignRedirection RouletteLastPass & GoTo incidentFast Company incidentOptus incidentGitHub & npm incidentImperva incidentESXiArgs ransomware campaignRBAC BusterBehind the scenes in the Expel SOC: Alert-to-fix in AWSLarge-scale cryptomining attack against K8s clusters detected by AzureFrom CLI to console, chasing an attacker in AWSSpotting an attacker in GCPPoisoned image to K8s to cloudSIM-Swap to Data Leak on Dark WebMisconfigured firewall to cryptojacking botnetSugarCRM as initial access to AWS envsUse of linPEAS for cloud enumerationFrom PHP exploitation to AWS lateral movementRollbar hackRetool hackCloud tools imitation campaignQubitstrike Crypto Mining and Rootkit CampaignApache server Cryptojacking with Cobalt StrikeDenonia campaignOracleIV campaignSumologic incidentTsunami targeting Jenkins and WeblogicEleKtra-LeakIceFire Aspera Faspex campaignSQL Server to cloud lateral movementFirst Republic Bank incidentCloud lateral movement via Citrix cookieCodecov incidentApache app cryptojacking campaignFBot toolkit targets cloud environmentsFrom PHP vuln to Sliver execution via cronFrom web app exploitation to Chisel tunnelingFrom WSO2 RCE to SSH lateral movementEvil_MinIO campaignLeaked long-lived AWS creds9hits Docker campaignAndroxGh0st usage (2024)From ActiveMQ to Godzilla webshellRE#TURGENCE MSSQL Server RansomOpDangerDev SES abuse incidentS3 data exfiltrationECS Fargate cryptojackingOkta support system supply chain attackCloudflare incident following Okta breachNew Relic incident (November 2023)Webmin supply chain attack (2018)SSH-Snake Confluence targeting campaignS3 ransomware scamCGI Federal incidentLINE and NAVER Cloud incidentCetus campaignGraboid campaignC3Pool mining via Confluence vulnerabilitySliver deployment via Confluence vulnerabilityFrom social engineering to cryptocurrency theft Redis, Hadoop, and Docker exploitationMeson Network cryptojacking campaignngrok cryptojacking campaignGin Docker cryptojacking campaignWidespread TeamCity exploitation (March ‘24)Okta source code theftAuth0 source code theftXZ Utils backdoor incidentSisense breachK8s targeted via OpenMetadata exploitationDelinea breachCryptojacking via Azure BatchMirai campaign targeting Ivanti productsLLMjacking via Laravel exploitationDero cryptojacking targeting K8sFrom SSH bruteforce to cryptojackingAlienFox campaignJavaScript injection via vulnerable CMSJavaScript injection via WordPress exploitationGitHub certificate theft incidentDropbox breachViamedis incidentAlmerys incidentS3 RansomOp following long-term key exposureAbusing management tooling for cloud accessPersonal local drive to AWS ransomwareThird party to cloud compromiseSmishing into Entra onto VMWare ransomwareFrom password reset to data exfiltrationCompromise of Top.gg repoScylla LLMJacking campaignDERO cryptojacking campaign (2024)Dama webshell deployment via ThinkPHP exploitationClub Penguin data theft via ConfluenceNYT source code theftSeleniumGreed: Threat actors exploit exposed Selenium Grid services for CryptominingMisconfigured Jenkins Servers Used for CryptominingPanamorfi campaignMsupedge Backdoor Targeting Taiwanese UniversityGodzilla Backdoor Exploiting Confluence VulnerabilityExtortion Campaign Exploiting Exposed Environment VariableHadooken Malware Targeting Weblogic ServersCampaign targeting Selenium Grid for cryptominingFortinet Sharepoint data leakConfluence exploited for cryptojackingGitHub PAT leakage leading to RDS Database exfiltrationDocker Swarm and K8s cryptojacking campaignperfctl Malware Targeting LinuxRackspace incident (2024)Veeam Vulnerability Exploited by Akira and Fog Ransomwareperfctl campaign targeting Docker APIkernel.org supply chain attackCdorked campaignSupply Chain Attack on lottie-playerBrowserStack Data BreachDrizly data breachThe Los Angeles Times Cryptomining AttackSharePoint Vulnerability Exploited in-the-WildRCE Vulnerability in PAN-OS Exploited in-the-WildSports Piracy Exploiting Misconfigured Jupyter ServersUltralytics compromiseState-Sponsored APT Abuse Visual Studio Code in AttacksAttack abusing Amazon SESByte Federal Data Breach via Gitlab VulnerabilityRCE Vulnerability in Apache Struts Targeted by AttackersMauri Ransomware Exploiting Apache ActiveMQ US Treasury breach via BeyondTrust supply chain attackPhishing campaign leading to Azure account takeoverVolkswagen data leak through Spring Boot Actuator misconfigurationZAGG customer data compromised via hijacked FreshClicks BigCommerce appExploitation in the wild of Aviatrix Controller RCEGravy Analytics data breachCampaign targeting exposed FortiGate firewall management interfacesKong image compromiseOtelier data breachMasterCard Fixes Five-Year-Old DNS Typo MisconfigurationUSAID cryptojacking incidentDogWifTool supply chain attackFrom social engineering to Lambda modificationMalicious AI Models Bypass Picklescan DetectionCode Injection Attacks Exploiting Publicly Disclosed ASP.NET KeysIvanti supply chain attack via compromised libraryKrpano XSS exploitation campaignZapier data breachPREMINT hackPHP-CGI Vulnerability Exploited in Attacks Targeting JapanExposed Jupyter Notebooks Targeted for Cryptominingtj-actions/changed-files supply chain attackOperation LongFangCritical Ivanti Connect Secure Vulnerability Exploited by China-linked ActorEuropecar Gitlab BreachLong-Term Email Breach at OCC Exposes Sensitive Bank Oversight DataAWS Breach at a SaaS CompanyMulti-Layered Cryptojacking via DockerGrafana GitHub Action attempted supply chain attackSAP NetWeaver Visual Composer exploitation campaignCompromised cloud keys exfiltrated to bucketComfyUI exploitation campaign Oracle Cloud Potential Supply Chain BreachLarva-25003: IIS Native Module Malware Used in Targeted Web Server AttacksGame Freak data leakFrom stolen cloud key to persistence-as-a-serviceSupply Chain Compromise of rand-user-agent: Obfuscated RAT with C2 Communication and File ExfiltrationSolana web3.js Supply Chain AttackIvanti EPMM RCE Vulnerability Chain Exploited in the WildRedisRaider Linux Cryptojacking Campaign Targets Redis ServersCoordinated One-Day Cloud Scanning Operation Targets 75 Exposure PointsOpen WebUI Misconfiguration Exploited for CryptojackingNPM Supply Chain Attack Compromises 16 Popular React Native and GlueStack PackagesTeamFiltration Account Takeover CampaignLangflow Vulnerability Exploited to Deliver Flodrix BotnetJSFireTruck: Malicious JavaScript Campaign Using ObfuscationAttacks on Korean IIS & Linux ServersLinux SSH Servers Compromised to Deploy ProxiesJDWP Exploited in the WildAzure Account Hijack via Stolen TokensAWS Data Exfiltration and Attempted RansomwareAWS Network Exploitation and Ransomware DetonationLinuxsys Cryptominer Campaign0day Vulnerability in Microsoft Sharepoint Exploited in-the-WildSoco404 Cryptomining Campaign Exploits PostgreSQL and Cloud MisconfigurationsSupply Chain Attack on npm Packages via Maintainer PhishingAWS CodeBuild Vulnerability Allows Build Process Secrets ExtractionPlague PAM-Based Backdoor for LinuxAkira Ransomware Targeting Critical Vulnerability in SonicWall SSLVPNAuto-Color Malware Exploits SAP Vulnerability for Linux BackdoorNx Package Supply Chain Compromise Delivers Data-Stealing MalwareDripDropper Malware Exploits Patched Apache ActiveMQ for Persistence on Cloud Linux SystemsGhostAction campaignQix npm package supply chain compromiseShai-Hulud: Ongoing Package Supply Chain Compromise Delivering Data-Stealing MalwareSonicWall MySonicWall Cloud Backup File Security IncidentPyTorch-nightly torchtriton dependency compromiseeBPF Rootkit Targeting AWS and Linux Environments

Last edited

Jan 18, 2024 1:25 PM

Status

Stub

Cloud-fluent

Unique Tools

Mimic ransomware