Attacks by the Muddled Libra threat operation (also known as UNC3944, Scattered Spider, Scatter Swine, and Starfraud) have been redirected at cloud service providers and software-as-a-service apps to bolster the group's data extortion efforts, reports The Hacker News.
Muddled Libra has been leveraging admin user credentials obtained through reconnaissance efforts to facilitate lateral movement and eventual access to cloud environments and SaaS apps, such as Microsoft Azure and Amazon Web Services, and to related services including Azure Blob Storage, Azure Files, AWS IAM, and AWS Secrets Manager, according to a report from Palo Alto Networks Unit 42.
"By expanding their tactics to include SaaS applications and cloud environments, the evolution of Muddled Libra's methodology shows the multidimensionality of cyberattacks in the modern threat landscape. The use of cloud environments to gather large amounts of information and quickly exfiltrate it poses new challenges to defenders," said Zimmerman.