The Hacker News reports:
Cloud computing and analytics company Snowflake said a “limited number” of its customers have been singled out as part of a targeted campaign.
“We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform,” the company said in a joint statement along with CrowdStrike and Google-owned Mandiant.
“We have not identified evidence suggesting this activity was caused by compromised credentials of current or former Snowflake personnel.”
It further said the activity is directed against users with single-factor authentication, with the unidentified threat actors leveraging credentials previously purchased or obtained through information-stealing malware.
Read more at The Hacker News.
Much of their statement appeared to be in response to an article, now deleted, by a cybersecurity vendor.
In response to this incident and an uptick in attacks on companies using Snowflake environments, experts and agencies are urging companies to require multifactor authentication and to look for signs of compromised credentials.