UAT-10608

Also known as: UAT-10608

Profile

UAT-10608 is a threat cluster observed by Cisco Talos conducting a large-scale, automated credential-harvesting campaign against public-facing web applications, especially Next.js deployments, using a custom framework called NEXUS Listener to extract and exfiltrate secrets such as credentials, SSH keys, cloud tokens, and API keys. The activity has been linked to broad opportunistic scanning and at least 766 compromised hosts across multiple regions and cloud providers.

References

  1. https://blog.talosintelligence.com/uat-10608-inside-a-large-scale-automated-credential-harvesting-operation-targeting-web-applications/

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: UAT-8616
Actor: UAT-10362
Actor: TA406
Actor: UAT-9686
Actor: UTG-Q-008
Actor: UAT-6382

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.