A significant cybersecurity breach has been uncovered involving the hacker group known as “Daisy Cloud,” which has exposed more than 30,000 login credentials spanning numerous digital services. The threat actors have been operating a sophisticated credential marketplace on Telegram since October 18, 2023, selling access to financial platforms, cloud services, government portals, and personal accounts at alarmingly accessible prices. The stolen credentials grant access to high-value targets including cryptocurrency exchanges like Binance and Coinbase, personal services such as Facebook and Netflix, and critical infrastructure including government portals from multiple nations.

The exposed credentials appear to have been harvested through information-stealing malware, potentially linked to the notorious RedLine Stealer family, which has been a persistent threat in the cybercrime ecosystem.

Veriti researchers observed evidence of coordinated infections across entire network segments in several countries, including Poland, the Netherlands, the UK, and the United States. This suggests that initial credential theft serves as merely the first stage in a broader access operation potentially leading to ransomware deployment or data exfiltration. During their analysis of the exposed data dump, they discovered administrative access to cloud and on-premise servers spanning multiple geographic regions. The researchers noted that many of these servers lacked proper security controls, with some missing antivirus protection entirely, creating an ideal environment for malware propagation and persistence.

The Daisy Cloud incident demonstrates the evolution of credential theft operations from opportunistic attacks to sophisticated, multi-stage campaigns with potential for lateral movement.
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 31 Mar 2025 08:05:14 +0000