- Hacker “Zestix” (aka Sentap) is auctioning stolen data from 50 global enterprises, including Deloitte, KPMG, Samsung, and Pickett & Associates
- Victims lacked MFA and had devices compromised by infostealers like RedLine, Lumma, or Vidar, enabling credential theft
- Poor password hygiene and years-old credentials allowed large-scale exfiltration; Pickett alone lost ~139 GB of sensitive files
Someone is auctioning a wide range of highly sensitive data, picked up from 50 global enterprises, on the dark web. Among the victims are a couple of real heavy hitters, such as Pickett & Associates, Deloitte, KPMG, and Samsung.
The news comes from the Israeli cybersecurity startup Hudson Rock, which recently issued an in-depth report on a campaign conducted by a hacker using the alias Zestix (aka Sentap).
According to the report, all of the victims had one thing in common: they did not enforce multi-factor authentication (MFA), and allowed access to corporate cloud instances of ShareFile, OwnCloud, and Nextcloud with nothing more than a password.
Old passwords stolen
Another thing all victims had in common was the fact that at least one of their devices was compromised with a piece of infostealing malware – either RedLine, Lumma, or Vidar.
How the devices ended up compromised is unclear, but what matters is that Zestix was able to use the credentials to access the cloud instances and exfiltrate the data. In some cases, the passwords were years old, which also means the victim organizations had poor password practices and rarely rotated their credentials.
“When an employee logs into corporate portals, they assume their password is enough. However, Zestix relies on the widespread distribution of infostealer malware to infect personal or professional devices,” Hudson Rock explained.
“A critical finding in this investigation is the latency of the threat. While some credentials were harvested from recently infected machines, others had been sitting in logs for years, waiting for an actor like Zestix to exploit them. This highlights a pervasive failure in credential hygiene; passwords were not rotated, and sessions were never invalidated, turning a years-old infection into a present-day catastrophe.”
The report does not give hard numbers, but with so many large enterprises hit, it is safe to assume this is a large compromise. Pickett & Associates alone, news of whose breach emerged earlier this week, apparently lost around 139 GB of sensitive files.
Via The Register
