NordLocker: 26 million login credentials exposed on the cloud. Researchers found a 1.2 TB database of stolen data for sale. Inside were files, cookies, and credentials. Raccoon is a suspect
At least 26 million login credentials have been exposed on the cloud. The discovery was made by NordLocker cybersecurity experts. The researchers uncovered and analyzed a 1.2 TB database of stolen data for sale. Inside were files, cookies, and credentials that came from 3.2 million Windows-based computers. The data was stolen between 2018 and 2020. The database included 2 billion cookies. The analysis revealed that over 400 million, or 22%, of those cookies were still valid at the time the database was discovered. It was hosted on a cloud service, which was then notified, and the data was taken down. The data was collected by malware, but it is unknown which family it belongs to. However, Raccoon could be a likely suspect. It is malware as a service, and subscribers can pick and choose infected machines from a control panel that runs as a Tor hidden service to see what data the botnet has collected from victims. Furthermore, batches of Raccoon data frequently leak.