Cybersecurity

Ultimate Guide: Cloud File-sharing Sites Targeted For Corporate Data Theft Attacks

2026-01-05 0 views admin
Ultimate Guide: Cloud File-sharing Sites Targeted For Corporate Data Theft Attacks

A threat actor known as Zestix has been offering to sell corporate data stolen from dozens of companies likely after breaching their ShareFile, Nextcloud, and OwnCloud instances.

According to cybercrime intelligence company Hudson Rock, initial access may have been obtained through credentials collected by info-stealing malware such as RedLine, Lumma, and Vidar deployed on employee devices.

The three infostealers are usually distributed through malvertising campaigns or ClickFix attacks. This type of malware commonly targets data stored by web browsers (credentials, credit cards, personal info), messaging apps, and cryptocurrency wallets.

A threat actor with valid credentials can gain unauthorized access to a service, such as a file-sharing platforms, when multi-factor authentication (MFA) protection is missing.

In a report today, Hudson Rock notes that some of the analyzed stolen credentials have been present in criminal databases for years, indicating failure to rotate them or to invalidate active sessions even after extended periods.

Hudson Rock says that Zestix operates as an initial access broker (IAB) on underground forums, selling access to high-value corporate cloud platforms.

The cybersecurity company suggest that attackers breached ShareFile, Nextcloud, and ownCloud environments used by organizations across multiple sectors, including aviation, defense, healthcare, utilities, mass transit, telecommunications, legal, real estate, and government.

After parsing infostealer logs "specifically looking for corporate cloud URLs (ShareFile, Nextcloud)," the threat actor logs into the file-sharing services using a valid username and password where MFA is not active.

Hudson Rock says it pinpointed the likely breach points by correlating infostealer data from its platform with publicly available images, metadata, and open-source information.

In at least 15 of the analyzed cases, the cybersecurity company found that employee credentials for the cloud file-sharing services had been collected by infostealers.

Source: BleepingComputer

🏷️ Tags

cybersecuritysecuritybreachmalwareattack

More from Cybersecurity

Ultimate Guide: Trend Micro Warns Of Critical Apex Central RCE Vulnerability

Ultimate Guide: Trend Micro Warns Of Critical Apex Central RCE Vulnerability

2026-01-09 0
Report: Trend Micro Apex Central RCE Flaw Scores 9.8 Cvss In On-prem...

Report: Trend Micro Apex Central RCE Flaw Scores 9.8 Cvss In On-prem...

2026-01-09 0
Cisa Retires 10 Emergency Cybersecurity Directives Issued Between

Cisa Retires 10 Emergency Cybersecurity Directives Issued Between

2026-01-09 0
Fbi Warns North Korean Hackers Using Malicious Qr Codes In

Fbi Warns North Korean Hackers Using Malicious Qr Codes In

2026-01-09 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views