Lack of MFA is Common Thread in Vast Cloud Credential Heist
Summary
Cybersecurity firm Hudson Rock reports that a threat actor known as “Zestix” (also tracked as “Sentap”) used infostealers such as RedLine, Lumma and Vidar to harvest saved credentials and browser data from infected machines. The actor then used those valid credentials to log into enterprise collaboration and file‑sharing platforms (ShareFile, OwnCloud, Nextcloud). No software flaw was exploited: the actor simply signed in where multi‑factor authentication (MFA) was not enforced, so a stolen password alone was enough.
Data stolen from about 50 enterprises has been auctioned, and Hudson Rock’s intelligence indicates that thousands more organisations have compromised credentials circulating in infostealer logs. The victims cut across industries including aviation, construction, legal services, robotics and critical infrastructure. The central failure is poor credential hygiene: passwords not rotated after exposure, existing sessions not invalidated, and MFA not enforced.
Key Points
- Zestix distributed infostealers to collect saved credentials and browser histories from infected endpoints.
- Stolen credentials were used to log into collaboration platforms (ShareFile, OwnCloud, Nextcloud) as ordinary valid logins; no vulnerability exploitation or session‑cookie theft was required, because a username and password alone passed authentication.
- Hudson Rock found data from roughly 50 enterprises being auctioned and thousands more organisations at risk due to exposed credentials in logs.
- The primary root cause is lack of MFA, compounded by credentials that were never rotated after exposure and sessions that were never invalidated.
- Affected organisations span multiple sectors, including major airlines, systems integrators and government agencies.
- Effective mitigations are straightforward: enforce MFA on every internet‑facing login, including cloud gateways and file‑sharing portals; rotate any credential that appears in stealer logs; revoke existing sessions and tokens at the same time, since changing the password alone may not evict an attacker who is already signed in; and harden endpoints against infostealers.
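As an added example that is not part of the article or of Hudson Rock’s reporting, the following Python script shows the detection and containment logic these points imply: it takes a list of accounts whose credentials are known to sit in infostealer logs, checks sign‑in events for those accounts, flags successful logins that completed no MFA step or came from a source address never seen before the leak, and maps each finding to the rotate/revoke/enforce‑MFA steps above. Everything in it is constructed for illustration: the account list, the JSON‑lines event format and its field names, and the IP addresses (RFC 5737 documentation ranges).

```python
"""Added example (written for this summary; not code from the article, Hudson Rock
or any of the named platforms). It triages sign-in events against accounts whose
credentials are known to sit in infostealer logs, to surface exactly the pattern
the article describes: a valid password accepted with no MFA step.

Assumptions (all constructed): the account list LEAKED, the JSON-lines event
format in EVENTS and its field names (ts, user, result, mfa, src_ip), and the
IP addresses, which use RFC 5737 documentation ranges.
"""
import json
from datetime import datetime

# Constructed threat-intel feed: username -> date the stealer log was first seen.
LEAKED = {
    "j.doe": "2024-05-01",
    "m.ortiz": "2024-05-03",
}

# Constructed gateway/SSO authentication log, one JSON object per line.
EVENTS = """\
{"ts":"2024-04-20T08:00:00","user":"j.doe","result":"success","mfa":"none","src_ip":"10.0.0.5"}
{"ts":"2024-05-02T23:14:00","user":"j.doe","result":"success","mfa":"none","src_ip":"203.0.113.7"}
{"ts":"2024-05-02T09:00:00","user":"a.smith","result":"success","mfa":"none","src_ip":"10.0.0.9"}
{"ts":"2024-05-04T02:00:00","user":"m.ortiz","result":"success","mfa":"totp","src_ip":"198.51.100.1"}
{"ts":"2024-05-04T03:00:00","user":"m.ortiz","result":"failure","mfa":"none","src_ip":"198.51.100.1"}
"""


def parse_events(text):
    """Parse JSON-lines auth events, dropping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def triage(events, leaked):
    """Return (user, ts, reason) tuples for suspicious successful logins.

    Two reasons are raised, only for accounts in `leaked` and only for events
    at or after the date the credential was seen in a stealer log:
      login_without_mfa_after_leak  - the password alone got the attacker in
      new_source_ip_after_leak      - source IP never seen for that account
                                      before the leak (possible session abuse
                                      even when MFA was passed)
    """
    leak_dt = {u: datetime.fromisoformat(d) for u, d in leaked.items()}

    # Baseline: source IPs each leaked account used successfully before the leak.
    baseline = {u: set() for u in leaked}
    for e in events:
        u = e["user"]
        if u in leaked and e["result"] == "success":
            if datetime.fromisoformat(e["ts"]) < leak_dt[u]:
                baseline[u].add(e["src_ip"])

    findings = []
    for e in sorted(events, key=lambda x: x["ts"]):
        u = e["user"]
        if u not in leaked or e["result"] != "success":
            continue
        if datetime.fromisoformat(e["ts"]) < leak_dt[u]:
            continue  # pre-leak activity is the baseline, not a finding
        if e["mfa"] == "none":
            findings.append((u, e["ts"], "login_without_mfa_after_leak"))
        if e["src_ip"] not in baseline[u]:
            findings.append((u, e["ts"], "new_source_ip_after_leak"))
    return findings


def response_plan(findings):
    """Map findings to the containment steps the article lists, per account.

    Every flagged account gets its password rotated and all sessions revoked;
    an account that got in without any MFA step additionally gets MFA enforced.
    """
    plan = {}
    for user, _ts, reason in findings:
        steps = plan.setdefault(user, ["rotate_password", "revoke_all_sessions"])
        if reason == "login_without_mfa_after_leak" and "enforce_mfa" not in steps:
            steps.append("enforce_mfa")
    return plan


if __name__ == "__main__":
    found = triage(parse_events(EVENTS), LEAKED)
    for f in found:
        print(*f)
    print(response_plan(found))
```

On the constructed data the script flags j.doe twice (a post‑leak login with no MFA, from an address never seen before) and m.ortiz once (MFA was passed, but the source address is new), while a.smith is ignored because that account is not in the leak list. The baseline is deliberately built only from pre‑leak successes: once a credential is in a stealer log, any later address the account appears from is untrusted until the password has been rotated and sessions revoked.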
Why should I read this?
Because it’s maddeningly simple and everywhere — attackers are reusing stolen passwords, not inventing new hacks. If you manage cloud accounts or file shares, this is your wake‑up call: flip on MFA, tidy up password hygiene and kill stale sessions before you become the next victim.
Author’s take
Punchy: This isn’t sexy malware theatre — it’s preventable. Big organisations leaving basic defences off is embarrassing and costly. Read the details if you want practical reasons and quick wins to stop being an easy target.
