A security researcher told TechCrunch that a government server was exposing military emails to the internet because no password was set.
Resecurity notified several data center organizations about malicious cyber activity targeting them and their customers. The initial early-warning threat notification about this activity was sent around September 2021 with further updates during 2022 and January, 2023. Recent cyber-attacks on cloud service providers (CSPs) and managed services providers (MSPs) saw bad actors attempt to leverage a weakness in their cybersecurity supply chain with the goal of stealing sensitive data from their target enterprises and government organizations. Data centers are meaningful targets for attackers and an important element of the enterprise supply chain.
Such credentials in the wrong hands could be dangerous, experts say, potentially allowing physical access to data centers. The affected data center operators say the stolen information didn’t pose risks for customer IT systems.
“Story Killers” project: Forbidden Stories investigated the seedy clients linked to Eliminalia and the manipulation tactics they use.
