- Hacker “Zestix” (aka Sentap) auctions stolen data from 50 global companies, including Deloitte, KPMG, Samsung and Pickett & Associates
- Victims lacked MFA and had devices compromised by infostealers such as RedLine, Lumma or Vidar, enabling credential theft
- Poor password hygiene and years-old credentials allowed large-scale exfiltration; Pickett alone lost ~139 GB of sensitive files
Someone is auctioning a large amount of highly sensitive data, collected from 50 global companies, on the dark web. Among the victims are a few real heavy hitters, such as Pickett & Associates, Deloitte, KPMG and Samsung.
The news comes from Israeli cybersecurity startup Hudson Rock, which recently released an in-depth report on a hacking campaign carried out by a hacker using the alias Zestix (AKA Sentap).
According to the report, all the victims had one thing in common – they did not enforce multi-factor authentication (MFA) and allowed access to the company’s cloud instances of ShareFile, OwnCloud and Nextcloud without more than a password.
Old passwords stolen
Another thing all victims had in common was that at least one of their devices was compromised with a piece of info-stealing malware – either RedLine, Lumma or Vidar.
How the devices ended up being compromised is unclear, but what matters is that Zestix was able to use the credentials to access the cloud instances and exfiltrate the data. In some cases, the passwords were years old, which also means that the victim organizations had poor password practices and rarely rotated their credentials.
“When an employee logs into corporate portals, they assume their password is enough. However, Zestix relies on the widespread distribution of infostealer malware to infect personal or professional devices,” explained Hudson Rock.
“A critical finding in this study is the latency of the threat. While some credentials were harvested from newly infected machines, others had been sitting in logs for years, waiting for an actor like Zestix to exploit them. This highlights a pervasive failure in credential hygiene; passwords were not rotated and sessions were never invalidated, turning a current disaster into a years-long infection.”
The report doesn’t cite hard numbers, but with so many large companies affected, it’s safe to assume this is a major compromise. Pickett & Associates alone, news of whose breach broke earlier this week, apparently lost about 139GB of sensitive files.
Via The Register