Cyber Threat Actor Zestix Targets Corporate Data through File-Sharing Sites
In the rapidly evolving digital landscape, cybersecurity remains a critical concern for businesses worldwide, including those in Northeast India. A recent report by cybercrime intelligence company Hudson Rock has highlighted a new threat actor, Zestix, that has been offering to sell corporate data stolen from numerous companies. The stolen data is believed to have been obtained through breaches of ShareFile, Nextcloud, and OwnCloud instances.
Infiltration Strategies and Info-Stealers
Initial access to these corporate cloud platforms may have been gained through credentials collected by info-stealing malware such as RedLine, Lumma, and Vidar. These malware variants are typically distributed through malvertising campaigns or ClickFix attacks, targeting data stored by web browsers, messaging apps, and cryptocurrency wallets.
Lack of Multi-Factor Authentication and Credential Management
The report notes that some of the stolen credentials have been present in criminal databases for years, indicating a failure to rotate them or to invalidate active sessions even after extended periods. This underscores the importance of implementing multi-factor authentication (MFA) and secure credential management practices.
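The report's point that leaked credentials stayed usable for years is the kind of check a defender can script. As an added example (not code from Hudson Rock or from this article), the following takes a constructed sample of leaked-credential records and a hypothetical identity-inventory export and flags every account whose password was never rotated after the capture date, or was rotated without its active sessions being revoked.

```python
from datetime import date

# Constructed sample of stealer-log credential records (host, account,
# date the credential was captured). All values are invented.
LEAKED = [
    {"host": "files.example.com", "user": "alice", "captured": date(2021, 3, 14)},
    {"host": "cloud.example.com", "user": "bob",   "captured": date(2024, 11, 2)},
    {"host": "share.example.com", "user": "carol", "captured": date(2022, 6, 30)},
    {"host": "share.example.com", "user": "dave",  "captured": date(2023, 9, 9)},
]

# Hypothetical identity-inventory export: last password rotation, last
# forced session revocation (None if never), and whether MFA is enforced.
ACCOUNTS = {
    ("files.example.com", "alice"): {"rotated": date(2020, 1, 10), "revoked": date(2020, 1, 10), "mfa": False},
    ("cloud.example.com", "bob"):   {"rotated": date(2025, 1, 15), "revoked": None,              "mfa": True},
    ("share.example.com", "carol"): {"rotated": date(2023, 2, 1),  "revoked": date(2023, 2, 1),  "mfa": False},
}


def assess(leaked, accounts, today):
    """Classify each leaked credential by whether it was ever neutralised."""
    findings = []
    for rec in leaked:
        acct = accounts.get((rec["host"], rec["user"]))
        age_days = (today - rec["captured"]).days  # how long the leak has been live
        if acct is None:
            status = "account-not-in-inventory"      # cannot confirm remediation at all
        elif acct["rotated"] <= rec["captured"]:
            status = "password-unchanged-since-capture"
        elif acct["revoked"] is None or acct["revoked"] < rec["captured"]:
            status = "rotated-but-sessions-never-revoked"
        else:
            status = "remediated"
        # Unremediated accounts without MFA are the first to act on.
        urgent = status != "remediated" and not (acct and acct["mfa"])
        findings.append({"host": rec["host"], "user": rec["user"],
                         "status": status, "age_days": age_days, "urgent": urgent})
    return findings


if __name__ == "__main__":
    for f in assess(LEAKED, ACCOUNTS, date(2025, 6, 1)):
        print(f)
```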
Implications for Northeast India and the Wider Indian Context
The breaches affected organizations across multiple sectors, including aviation, defense, healthcare, utilities, mass transit, telecommunications, legal, real estate, and government. Given the interconnected nature of the economy, such breaches could potentially impact businesses in Northeast India, particularly those that are part of the supply chain of affected organizations.
A Broader, Systemic Problem
Hudson Rock's findings suggest that the problem of cloud exposure is not limited to the identified victims. Their threat intelligence data indicates that thousands of infected computers, including some at major global corporations, pose similar risks. This underscores the need for a holistic approach to cybersecurity, with a focus on educating employees about the risks of clicking on suspicious links and downloading unverified software.
Moving Forward
As the digital landscape continues to evolve, it is crucial for businesses to stay vigilant and proactive in their cybersecurity measures. This includes implementing robust security protocols, regularly updating software and credentials, and providing regular cybersecurity training for employees. By doing so, businesses can better protect themselves against threats such as those posed by Zestix.