Threat actor Zestix is selling stolen corporate data from dozens of companies, likely after breaching cloud platforms like ShareFile, Nextcloud, and OwnCloud. The breaches often involve credentials obtained through infostealers such as RedLine, Lumma, and Vidar, highlighting significant security gaps. #Zestix #Infostealers
Key points
- Zestix operates as an initial access broker on underground forums, selling access to corporate cloud services.
- Many breaches involve stolen credentials collected via infostealers like RedLine, Lumma, and Vidar.
- Organizations across sectors such as defense, healthcare, and government are targeted, exposing sensitive data.
- Lack of multi-factor authentication (MFA) and failure to rotate credentials facilitate unauthorized access.
- Hudson Rock is working to alert affected cloud service providers about the exposures.