- Hacker “Zestix” (also known as Sentap) is auctioning stolen data from 50 global companies, including Deloitte, KPMG, Samsung and Pickett & Associates.
- Victims lacked MFA and had devices compromised by data thieves such as RedLine, Lumma or Vidar, allowing credential theft.
- Poor password hygiene and legacy credentials enabled large-scale exfiltration; Pickett alone lost ~139 GB of confidential files.
Someone is auctioning off a wide range of highly sensitive data, obtained from 50 global companies, on the dark web. Among the victims are a couple of real heavyweights, such as Pickett & Associates, Deloitte, KPMG and Samsung.
The news comes from Israeli cybersecurity startup Hudson Rock, who recently published an in-depth report on a hacking campaign carried out by a hacker with the alias Zestix (aka Sentap).
According to the report, all victims had one thing in common: they did not enforce multi-factor authentication (MFA) and allowed access to corporate cloud instances of ShareFile, OwnCloud, and Nextcloud, with nothing more than a password.
Stolen old passwords
Another thing that all victims had in common was the fact that at least one of their devices was compromised with data-stealing malware, whether RedLine, Lumma, or Vidar.
It’s unclear how the devices ended up being compromised, but what matters is that Zestix was able to use the credentials to access the cloud instances and exfiltrate the data. In some cases, the passwords were years old, which also means that the victim organizations had poor password practices and rarely rotated their credentials.
“When an employee logs into corporate portals, they assume their password is sufficient. However, Zestix relies on the widespread distribution of information-stealing malware to infect personal or professional devices,” Hudson Rock explained.
“A key finding in this investigation is the latency of the threat. While some credentials were obtained from recently infected machines, others had been sitting in logs for years, waiting to be exploited by an actor like Zestix. This highlights a widespread failure in credential hygiene; passwords were not rotated and sessions were never invalidated, turning a years-old infection into a current catastrophe.”
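The three gaps the report names (no MFA on the portal, passwords never rotated, sessions never invalidated) are the ones a defender would check for as soon as stealer-log data naming their domain turns up. The script below is an added illustration of that triage, not code from Hudson Rock's report or from any of the companies named; every record in it is constructed, and the hostnames, account names and the 90-day staleness threshold are assumptions for the example. It cross-references leaked credentials against a directory snapshot and emits remediation actions only where the stolen password post-dates the last password change, i.e. where the credential is still live.

```python
"""Triage of infostealer-log credential exposure against a corporate directory.

Added example for the scenario described in the article; all records below
are constructed sample data, not real leak or directory entries.
"""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class LeakRecord:
    username: str        # account name as it appears in the stealer log
    stealer: str         # malware family that harvested it (constructed)
    captured: date       # date the log was produced
    target_host: str     # portal the saved credential belonged to (assumed)


@dataclass(frozen=True)
class Account:
    username: str
    mfa_enforced: bool
    last_password_change: date
    active_sessions: int


def triage(leaks, accounts, today, stale_after=timedelta(days=90)):
    """Return {username: [actions]} for accounts that need remediation.

    A leaked credential is treated as still usable when the directory shows no
    password change after the capture date. The actions mirror the three gaps
    the report describes: rotation, session invalidation and MFA enforcement.
    """
    by_user = {a.username: a for a in accounts}
    findings = {}
    for leak in leaks:
        acct = by_user.get(leak.username)
        if acct is None:
            continue  # not a corporate account (e.g. a personal login in the same log)
        actions = []
        still_valid = acct.last_password_change <= leak.captured
        if still_valid:
            actions.append("rotate_password")
            if acct.active_sessions > 0:
                actions.append("revoke_sessions")   # an old infection may hold a live session
        if not acct.mfa_enforced:
            actions.append("enforce_mfa")           # password alone is enough to log in
        if still_valid and today - leak.captured > stale_after:
            actions.append("review_stale_credential")  # years-old log, password still unchanged
        if actions:
            bucket = findings.setdefault(leak.username, [])
            for action in actions:
                if action not in bucket:
                    bucket.append(action)
    return findings


# Constructed sample data (assumed hostnames, names and dates).
TODAY = date(2025, 6, 1)

SAMPLE_LEAKS = [
    LeakRecord("alice", "RedLine", date(2022, 3, 10), "files.example-corp.test"),
    LeakRecord("bob", "Lumma", date(2025, 5, 20), "cloud.example-corp.test"),
    LeakRecord("carol", "Vidar", date(2021, 8, 2), "share.example-corp.test"),
    LeakRecord("zoe", "RedLine", date(2024, 1, 1), "mail.unrelated.test"),
]

SAMPLE_ACCOUNTS = [
    Account("alice", mfa_enforced=False, last_password_change=date(2020, 1, 15), active_sessions=2),
    Account("bob", mfa_enforced=True, last_password_change=date(2025, 1, 1), active_sessions=1),
    Account("carol", mfa_enforced=False, last_password_change=date(2023, 5, 1), active_sessions=0),
]


def run_sample():
    """Run the triage over the constructed sample and return the findings."""
    return triage(SAMPLE_LEAKS, SAMPLE_ACCOUNTS, TODAY)


if __name__ == "__main__":
    for user, actions in run_sample().items():
        print(f"{user}: {', '.join(actions)}")
```

In the sample, `alice` is the report's worst case: a 2022 RedLine capture of a password last changed in 2020, no MFA, and two live sessions, so every action fires. `bob` has MFA but a recent capture that post-dates his last rotation, so the password and sessions still need to go. `carol` rotated after her 2021 infection, leaving only the MFA gap, and `zoe` is skipped because the leaked login is not a corporate account.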
The report doesn’t mention concrete numbers, but with so many large companies affected, it’s safe to assume this is a big undertaking. Pickett & Associates alone, news of whose breach emerged earlier this week, apparently lost around 139GB of confidential files.
Via The Register