Tags
Attribution
Unknown
Incidents
Jupyter Notebook cred harvesting campaign; Redirection Roulette; LastPass & GoTo incident; Fast Company incident; Optus incident; GitHub & npm incident; Imperva incident; ESXiArgs ransomware campaign; RBAC Buster; Behind the scenes in the Expel SOC: Alert-to-fix in AWS; Large-scale cryptomining attack against K8s clusters detected by Azure; From CLI to console, chasing an attacker in AWS; Spotting an attacker in GCP; Poisoned image to K8s to cloud; SIM-Swap to Data Leak on Dark Web; Misconfigured firewall to cryptojacking botnet; SugarCRM as initial access to AWS envs; Use of linPEAS for cloud enumeration; From PHP exploitation to AWS lateral movement; Rollbar hack; Retool hack; Cloud tools imitation campaign; Qubitstrike Crypto Mining and Rootkit Campaign; Apache server Cryptojacking with Cobalt Strike; Denonia campaign; OracleIV campaign; Sumologic incident; Tsunami targeting Jenkins and Weblogic; EleKtra-Leak; IceFire Aspera Faspex campaign; SQL Server to cloud lateral movement; First Republic Bank incident; Cloud lateral movement via Citrix cookie; Codecov incident; Apache app cryptojacking campaign; FBot toolkit targets cloud environments; From PHP vuln to Sliver execution via cron; From web app exploitation to Chisel tunneling; From WSO2 RCE to SSH lateral movement; Evil_MinIO campaign; Leaked long-lived AWS creds; 9hits Docker campaign; AndroxGh0st usage (2024); From ActiveMQ to Godzilla webshell; RE#TURGENCE MSSQL Server RansomOp; DangerDev SES abuse incident; S3 data exfiltration; ECS Fargate cryptojacking; Okta support system supply chain attack; Cloudflare incident following Okta breach; New Relic incident (November 2023); Webmin supply chain attack (2018); Ivanti supply chain attack via compromised library; SSH-Snake Confluence targeting campaign; S3 ransomware scam; CGI Federal incident; LINE and NAVER Cloud incident; Cetus campaign; Graboid campaign; C3Pool mining via Confluence vulnerability; Sliver deployment via Confluence vulnerability; From social engineering to cryptocurrency theft; Redis, Hadoop, and Docker exploitation; Meson Network cryptojacking campaign; ngrok cryptojacking campaign; Gin Docker cryptojacking campaign; Widespread TeamCity exploitation (March ‘24); Okta source code theft; Auth0 source code theft; XZ Utils backdoor incident; Sisense breach; K8s targeted via OpenMetadata exploitation; Delinea breach; Cryptojacking via Azure Batch; Mirai campaign targeting Ivanti products; LLMjacking via Laravel exploitation; Dero cryptojacking targeting K8s; From SSH bruteforce to cryptojacking; AlienFox campaign; JavaScript injection via vulnerable CMS; JavaScript injection via WordPress exploitation; GitHub certificate theft incident; Dropbox breach; Viamedis incident; Almerys incident; S3 RansomOp following long-term key exposure; Abusing management tooling for cloud access; Personal local drive to AWS ransomware; Third party to cloud compromise; Smishing into Entra onto VMWare ransomware; From password reset to data exfiltration; Compromise of Top.gg repo; Scylla LLMJacking campaign; DERO cryptojacking campaign (2024); Dama webshell deployment via ThinkPHP exploitation; Club Penguin data theft via Confluence; NYT source code theft; SeleniumGreed: Threat actors exploit exposed Selenium Grid services for Cryptomining; Misconfigured Jenkins Servers Used for Cryptomining; Panamorfi campaign; Msupedge Backdoor Targeting Taiwanese University; PG_MEM Malware Exploiting Misconfigured PostreSQL Instances; Godzilla Backdoor Exploiting Confluence Vulnerability; Extortion Campaign Exploiting Exposed Environment Variable; Hadooken Malware Targeting Weblogic Servers; Campaign targeting Selenium Grid for cryptomining; Fortinet Sharepoint data leak; Confluence exploited for cryptojacking; GitHub PAT leakage leading to RDS Database exfiltration; Docker Swarm and K8s cryptojacking campaign; perfctl Malware Targeting Linux; Rackspace incident (2024); Veeam Vulnerability Exploited by Akira and Fog Ransomware; perfctl campaign targeting Docker API; kernel.org supply chain attack; Cdorked campaign; Supply Chain Attack on lottie-player; BrowserStack Data Breach; Drizly data breach; The Los Angeles Times Cryptomining Attack; SharePoint Vulnerability Exploited in-the-Wild; RCE Vulnerability in PAN-OS Exploited in-the-Wild
Last edited
Jan 18, 2024 1:25 PM
Status
Stub
Cloud-fluent
Unique Tools