Cloud file-sharing sites targeted for corporate data theft attacks

January 07, 2026

BleepingComputer reports:

A threat actor known as Zestix has been offering to sell corporate data stolen from dozens of companies, likely after breaching their ShareFile, Nextcloud, and ownCloud instances.

According to cybercrime intelligence company Hudson Rock, initial access may have been obtained through credentials collected by info-stealing malware such as RedLine, Lumma, and Vidar deployed on employee devices.

… Hudson Rock says that Zestix operates as an initial access broker (IAB) on underground forums, selling access to high-value corporate cloud platforms.

The cybersecurity company suggests that attackers breached ShareFile, Nextcloud, and ownCloud environments used by organizations across multiple sectors, including aviation, defense, healthcare, utilities, mass transit, telecommunications, legal, real estate, and government.

Read more at BleepingComputer.