Credential theft

Tags

ATT&CK Tactic

Credential Access (TA0006)

Incidents

SilentBob cryptomining campaignQubitstrike Crypto Mining and Rootkit CampaignLAPSUS$ campaignsFBot toolkit targets cloud environmentsCommando Cat campaignFrom S3 bucket to Jenkins credential dumpAffirmed Networks breachLLMjacking via Laravel exploitationAtlas Lion phishing campaignSmishing into Entra onto VMWare ransomwareScattered Spider SaaS targeting (2024)CRYSTALRAY: threat actors exploiting OSS toolsRansomware operators exploit ESXi vulnerabilityScattered Spider Abuses Cloud Management AgentShinyHunters Ransomware Targeting Cloud EnvironmentsExtortion Campaign Exploiting Exposed Environment VariableAPT29 Targeting Zimbra and TeamCity ServersEarth Simnavaz (APT34) Targeting UAE and Gulf RegionsUNC5820 exploiting FortiManager flawBrowserStack Data BreachDropbox Github breachMozi Botnet Using AndroxGh0st Toolkit to Target Cloud EnvironmentsSharePoint Vulnerability Exploited in-the-WildEarth Kasha’s Campaign Exploiting Fortinet VulnerabilityVolkswagen data leak through Spring Boot Actuator misconfigurationPhishing campaign leading to Azure account takeoverStorm-0501 attacking hybrid environments with ransomwareBapak Exploiting Stolen Cloud Access KeysTRIPLESTRENGTH: Cloud Account Hijacking and Cryptocurrency Mining via Stolen CredentialsSeashell Blizzard Subgroup's Campaign Exploiting Vulnerabilities for Data ExfiltrationRevivalStone Campaign by WinntiZapier data breachWeaver Ant data exfiltration campaignAtlas Lion Campaign Exploits Device Enrollment and MFA for PersistenceGrafana GitHub Action attempted supply chain attackRspack supply chain attackUNC5174 Exploits Ivanti CSA Zero-Days in “Houken” CampaignAzure Account Hijack via Stolen TokensAWS CodeBuild Vulnerability Allows Build Process Secrets ExtractionUAT-7237 Targets Taiwanese Web Infrastructure Using Customized Open-Source ToolsGENESIS PANDA's Cloud Intrusions: Persistent Control Plane Exploitation and Access BrokerageCompromised Salesloft Drift Tokens Enable Data Theft Across IntegrationsGhostAction campaignShai-Hulud: Ongoing Package Supply Chain Compromise Delivering Data-Stealing MalwareBRICKSTORM Espionage Backdoor Targeting U.S. Tech and Legal SectorsIIS Backdoor Exploiting Exposed ASP.NET Machine Keys

Last edited

May 20, 2024 6:49 AM

Status

Stub

Defenses

Access Control List (ACL)Role-Based Access Control (RBAC)Single Sign-On (SSO)Key Management System (KMS)