A financially motivated threat actor named UNC5537 collected data from 165 organizations' Snowflake instances using stolen credentials, then sold the data for malicious purposes like cyber espionage and fraud.
Credentials were obtained from infostealer malware campaigns infecting non-Snowflake systems, allowing UNC5537 access to exfiltrate significant customer data. Malware families involved included Vidar, Risepro, Redline, and others.
[
add
]
[
|
|
...
]