Nearly 375,000 of almost 20 million information-stealing malware logs on the dark web had business application access, indicating the significant compromise of business environments achieved by infostealers, reports BleepingComputer.
More than half of the stolen business app access logs were AWS Console credentials, while almost 48,000 logs were found to have access to the identity management service "okta.com," which enterprises use for cloud and on-premises user authentication, according to a report from Flare.
Separately, OpenAI credentials were discovered in over 200,000 stealer logs. The findings also showed that most of the logs were found on Telegram channels, with VIP channels leveraged for higher-value logs.
"Based on evidence from the dark web forum Exploit.in, we rate it as highly likely that initial access brokers are using stealer logs as a principal source to gain an initial foothold to corporate environments that can then be auctioned off on top-tier dark web forums," said Flare researcher Eric Clay.