Tags
Attribution: Unknown
Incidents
Jupyter Notebook cred harvesting campaign
“Redirection Roulette”
LastPass & GoTo incident
Fast Company incident
Optus incident
GitHub & npm incident
Imperva incident
ESXiArgs ransomware campaign
RBAC Buster
Behind the scenes in the Expel SOC: Alert-to-fix in AWS
Large-scale cryptomining attack against K8s clusters detected by Azure
From CLI to console, chasing an attacker in AWS
Spotting an attacker in GCP
Poisoned image to K8s to cloud
SIM-Swap to Data Leak on Dark Web
Misconfigured firewall to cryptojacking botnet
SugarCRM as initial access to AWS envs
Use of linPEAS for cloud enumeration
From PHP exploitation to AWS lateral movement
Rollbar hack
Retool hack
Cloud tools imitation campaign
Qubitstrike Crypto Mining and Rootkit Campaign
Apache server Cryptojacking with Cobalt Strike
Denonia campaign
OracleIV campaign
Sumologic incident
Tsunami targeting Jenkins and Weblogic
EleKtra-Leak
IceFire Aspera Faspex campaign
SQL Server to cloud lateral movement
First Republic Bank incident
Cloud lateral movement via Citrix cookie
Codecov incident
Apache app cryptojacking campaign
FBot toolkit targets cloud environments
From PHP vuln to Sliver execution via cron
From web app exploitation to Chisel tunneling
From WSO2 RCE to SSH lateral movement
Evil_MinIO campaign
Leaked long-lived AWS creds
9hits Docker campaign
AndroxGh0st usage (2024)
From ActiveMQ to Godzilla webshell
RE#TURGENCE MSSQL Server RansomOp
DangerDev SES abuse incident
S3 data exfiltration
ECS Fargate cryptojacking
Okta support system supply chain attack
Cloudflare incident following Okta breach
New Relic incident (November 2023)
Webmin supply chain attack (2018)
Ivanti supply chain attack via compromised library
SSH-Snake Confluence targeting campaign
S3 ransomware scam
S3 ransomware following long-term key exposure
CGI Federal incident
LINE and NAVER Cloud incident
Cetus campaign
Graboid campaign
C3Pool mining via Confluence vulnerability
Sliver deployment via Confluence vulnerability
Almerys breach
Viamedis breach
From social engineering to cryptocurrency theft
Redis, Hadoop, and Docker exploitation
Meson Network cryptojacking campaign
ngrok cryptojacking campaign
Gin Docker cryptojacking campaign
Widespread TeamCity exploitation (March ’24)
Okta source code theft
Auth0 source code theft
XZ Utils backdoor incident
Top.gg repo compromise
Sisense breach
Kubernetes Clusters Targeted in OpenMetadata Exploits
Delinea breach
Cryptojacking via Azure Batch
Mirai campaign targeting Ivanti products
LLMjacking via Laravel exploitation
Last edited: Jan 18, 2024 1:25 PM
Status: Stub
Cloud-fluent
Unique Tools