Cloud File-Sharing Sites Targeted for Corporate Data Theft Attacks

Related

KDDI Confirms Zero-Day Exploit Behind Breach Affecting 12 Million People

What happened KDDI has updated its earlier breach disclosure, confirming...

Aflac Japan Data Breach Impacts 4.38 Million Customers and Agents

What happened Aflac Life Insurance Japan disclosed a data breach...

Nissan Discloses Employee Data Breach Linked to Oracle Zero-Day Attacks

What happened Nissan disclosed a data breach affecting current and...

KDDI Breach Exposes Up to 14.2 Million Email Logins at Six ISPs

What happened Japanese telecommunications operator KDDI disclosed a data breach...

Xsolis Data Breach Affects 1.4 Million Individuals

What happened Healthcare technology company Xsolis disclosed a data breach...

Share

What happened

Threat actors are targeting cloud file-sharing platforms ShareFile, Nextcloud, and OwnCloud to steal sensitive corporate data. According to analysis from Hudson Rock, attackers obtain valid credentials using infostealer malware such as RedLine, Lumma, and Vidar, then use those credentials to access corporate cloud storage where MFA is not enforced. Stolen data includes government contracts, ERP source code, engineering documents, healthcare records, and defense-related files. The attackers act as initial access brokers, reselling compromised access to other threat actors.

Who is affected

Organizations using ShareFile, Nextcloud, or OwnCloud without enforced MFA and strong credential hygiene are at elevated risk.

Why CISOs should care

Credential-based cloud compromise can result in silent, large-scale data exfiltration without triggering perimeter defenses.

3 practical actions

1. Enforce MFA everywhere: Require multi-factor authentication for all cloud file-sharing platforms.

2. Monitor credential exposure: Track leaked credentials and force password rotation when exposure is detected.

3. Reduce infostealer risk: Strengthen phishing defenses and endpoint protection against credential-stealing malware.

IMG 0514 2
+ posts

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.