Update on Snowflake Cyber Threat
On June 2, 2024, cloud service provider Snowflake reported increased cyber threat activity targeting some of its customers' accounts. Snowflake recommended that customers review unusual activity to detect and prevent unauthorized user access. The Cybersecurity and Infrastructure Agency (CISA) then sent an alert on June 3, 2024, recommending that Snowflake customers “hunt for malicious activity, report positive findings to CISA, and review the Snowflake notice” on steps to take. On June 10, 2024, Mandiant provided additional information about the incident. If you are a Snowflake user, the Mandiant Alert is a mandatory read. According to Mandiant, it identified a campaign by threat actor UNC5537, targeting “Snowflake database instances with the intent of data theft and extortion.” The threat actor is suspected of having stolen records from Snowflake customers using stolen customer credentials and subsequently advertised the sale of customer data attempting to extort Snow...