An unknown financially motivated crime crew has swiped a 'significant volume of records' from Snowflake customers' databases using stolen credentials, according to Mandiant.
The crew behind the Snowflake intrusions may have ties to Scattered Spider, aka UNC3944 - the notorious gang behind the mid-2023 Las Vegas casino breaches.
Mandiant also noted that there's no evidence a breach of Snowflake's own enterprise environment was to blame for its customers' breaches, with all incidents traced back to compromised customer credentials.
Mandiant identified that the attackers used legitimate credentials previously stolen using infostealer malware to access and exfiltrate data from Snowflake environments, emphasizing the importance of multi-factor authentication.
Collection
[
|
...
]