Wired has a good story from Kim Zetter (npub1gxm…hhnu) about how the ShinyHunters group got access to Ticketmaster's Snowflake cloud account.
"Snowflake has not revealed details about how the hackers accessed the accounts, saying only that the intruders did not directly breach Snowflake’s network. This week, Google-owned security firm Mandiant, one of the companies engaged by Snowflake to investigate the breaches, revealed in a blog post that in some cases the hackers first obtained access through third-party contractors, without identifying the contractors or stating how this access aided the hackers in breaching the Snowflake accounts.
But according to one of the hackers who spoke with WIRED through a text chat, one of those firms was EPAM Systems, a publicly traded software engineering and digital services firm, founded by Belarus-born Arkadiy Dobkin, with current revenue of around $4.8 billion. The hacker says his group, which calls themselves ShinyHunters, used data found on an EPAM employee system to gain access to some of the Snowflake accounts."
https://www.wired.com/story/epam-snowflake-ticketmaster-breach-shinyhunters/
BrianKrebs /
npub1vc…0axsh
2024-06-17 15:14:51
Author Public Key
npub1vc39pnjdqd77zzdxff4qyv8h3x0ey2mkx33c3vl8egr0a9ysxkxsk0axshPublished at
2024-06-17 15:14:51Event JSON
{
"id": "1f2b2fe452bac81bff688ccdd98ab92d131d23996b16743d789b4bafdcd53da2",
"pubkey": "662250ce4d037de109a64a6a0230f7899f922b76346388b3e7ca06fe9490358d",
"created_at": 1718637291,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/@briankrebs/112632613518427425",
"web"
],
[
"p",
"41b6f547c3add1254a545c09e08ece6e782544e54b506be49fd38340dc8bfecd"
],
[
"proxy",
"https://infosec.exchange/users/briankrebs/statuses/112632613518427425",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/briankrebs/statuses/112632613518427425",
"pink.momostr"
]
],
"content": "Wired has a good story from nostr:npub1gxm0237r4hgj2jj5tsy7prkwdeuz2389fdgxheyl6wp5phytlmxs0yhhnu about how the ShinyHunters group got access to Ticketmaster's Snowflake cloud account. \n\n\"Snowflake has not revealed details about how the hackers accessed the accounts, saying only that the intruders did not directly breach Snowflake’s network. This week, Google-owned security firm Mandiant, one of the companies engaged by Snowflake to investigate the breaches, revealed in a blog post that in some cases the hackers first obtained access through third-party contractors, without identifying the contractors or stating how this access aided the hackers in breaching the Snowflake accounts.\n\nBut according to one of the hackers who spoke with WIRED through a text chat, one of those firms was EPAM Systems, a publicly traded software engineering and digital services firm, founded by Belarus-born Arkadiy Dobkin, with current revenue of around $4.8 billion. The hacker says his group, which calls themselves ShinyHunters, used data found on an EPAM employee system to gain access to some of the Snowflake accounts.\"\n\nhttps://www.wired.com/story/epam-snowflake-ticketmaster-breach-shinyhunters/",
"sig": "f39bfadf8a8a545963c9f5d75e5b1f588ee8be1a5bb67021ec6d6d5d04a7e8871cbd1deb1f6a6a255168060789e501740d18eb45845ce67cd6ff233baa6cef1a"
}