New Spearphishing Attack Uses DarkCloud Infostealer to Steal Credentials

Researchers have uncovered a new spearphishing campaign that leverages the DarkCloud Infostealer to steal FTP credentials, keystrokes and other information. You can find more details about this campaign here: https://www.esentire.com/blog/eye-of-the-storm-analyzing-darkclouds-latest-capabilities

Henrique Teixeira, SVP of Strategy at Saviynt, commented:

“Infostealers are a type of malware often specifically designed to steal user credential data. 46% of the time, infostealers are running in employee devices not managed by their employers (https://www.verizon.com/business/resources/infographics/2025-dbir-infographic.pdf). While it’s important to stay aware of new versions and campaigns utilizing these vectors, it’s even more critical for cybersecurity and identity leaders to understand the full attack chain of these modern campaigns.

“Data stolen by infostealers is typically sold later to other criminals via Initial Access Brokers (IABs) on the dark web. However, this isn’t the only method used to gain access to organizations. As we’ve seen recently, these groups often employ a multi-pronged approach that can include extortion, social engineering, and compromising third-party access. AI has also risen in the methods of cyber attacks. Therefore, a more complete strategy to protect and defend against modern attacks requires understanding their anatomy and recognizing that credential abuse is the #1 vector of attack, and a low-hanging fruit for attackers (and defenders).

“This attack highlights the importance of being able to measure and understand the current state of identity controls, and how resilient and prepared organizations are. This includes implementing least privilege principles for all accounts, discovering and removing long-standing privileges, and avoiding static and long-lived tokens. Identity security also needs to be applied to machine identities, or non-human identities (NHIs). Research shows that, in fact, 80% of the most recent identity-based attacks compromise non-human accounts instead of human ones (https://nhimg.org/the-ultimate-guide-to-non-human-identities).”

Since spearphishing is a highly targeted attack, it illustrates how careful you have to be to avoid becoming a victim of such an attack. Consider yourself warned and act accordingly. This article will help you with that: https://www.fortinet.com/resources/cyberglossary/spear-phishing
