Cloud File-Sharing Sites Targeted for Corporate Data Theft Attacks

What happened

Threat actors are targeting cloud file-sharing platforms ShareFile, Nextcloud, and ownCloud to steal sensitive corporate data. According to analysis from Hudson Rock, attackers obtain valid credentials using infostealer malware such as RedLine, Lumma, and Vidar, then use those credentials to access corporate cloud storage where MFA is not enforced. Stolen data includes government contracts, ERP source code, engineering documents, healthcare records, and defense-related files. The attackers act as initial access brokers, reselling compromised access to other threat actors.

Who is affected

Organizations using ShareFile, Nextcloud, or ownCloud without enforced MFA and strong credential hygiene are at elevated risk.

Why CISOs should care

Credential-based cloud compromise can result in silent, large-scale data exfiltration without triggering perimeter defenses.

3 practical actions

1. Enforce MFA everywhere: Require multi-factor authentication for all cloud file-sharing platforms.

2. Monitor credential exposure: Track leaked credentials and force password rotation when exposure is detected.

3. Reduce infostealer risk: Strengthen phishing defenses and endpoint protection against credential-stealing malware.

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business for professional audiences.