Attacks by the Muddled Libra threat operation — also known as UNC3944, Scattered Spider, Scatter Swine, and Starfraud — have been redirected at cloud service providers and software-as-a-service apps as part of efforts to bolster its data extortion efforts, reports The Hacker News. Muddled Libra has been leveraging admin user credentials obtained through reconnaissance efforts to facilitate lateral movement and eventual access to cloud environments and SaaS apps, such as Microsoft Azure and Amazon Web Services and related services including Azure Blob Storage and Azure Files, as well as AWS IAM and AWS Secrets Manager, according to a report from Palo Alto Networks Unit 42.
Source: SC Magazine