The recent attacks on customer accounts hosted on the Snowflake data warehousing platform could signal a broader shift among threat actors to targeting software-as-a-service (SaaS) application environments.
A recent Mandiant report highlighted another large threat actor that has begun going after enterprise data in SaaS applications in a broadening of its usual focus on Microsoft cloud environments and on-premises infrastructure. The threat actor, which Mandiant is tracking as UNC3944, is an English-language speaking group that other vendors have been tracking variously as Scattered Spider, Scatter Swine, Octo Tempest, and 0ktapus.
UNC3944: A Dangerous Cyber Adversary
The group’s more recent capers have included a ransomware attack that knocked numerous critical systems offline for days at MGM Resorts last year and another that targeted Caesars Entertainment, which reportedly paid millions of dollars to the group to get back access to its data. The likely US- or UK-based threat actor…