UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion | Google Cloud Blog
Tags
cmtmf-attack-pattern: Command-Line Interface
maec-delivery-vectors: Watering Hole
attack-pattern: Data Cloud Services - T1021.007 Command-Line Interface - T1605 Credentials - T1589.001 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Multi-Factor Authentication - T1556.006 Python - T1059.006 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Command-Line Interface - T1059 Command-Line Interface
Show in Graph
Common Information
Type Value
UUID 1ffdfe80-0265-46dd-9782-af4d391e791d
Fingerprint 659dd8530d1fb3a8
Analysis status DONE
Considered CTI value 1
Text language
Published June 10, 2024, midnight
Added to db Aug. 31, 2024, 10:13 a.m.
Last updated Dec. 17, 2024, 1:42 p.m.
Headline UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion
Title UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion | Google Cloud Blog
Detected Hints/Tags/Attributes 67/3/6
Source URLs
Redirection Url
Details Source https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion/
URL Provider
Details Provider Source level domain
Details google.com cloud.google.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 330 Threat Intelligence https://www.mandiant.com/resources/blog/rss.xml 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Autonomous System Number 3 
AS200019
Details Domain 2 
snowflakecomputing.com
Details IPv4 2 
45.27.26.205
Details IPv4 1 
3.0.22.14
Details IPv4 3 
37.19.210.21
Details Mandiant Uncategorized Groups 34 
UNC5537