SnowFlake Cyber Threat Activity Targeting Customer Accounts - 20240604004

Overview

Snowflake recently observed and is investigating an increase in cyber threat activity targeting some of the customers’ accounts. It is believed to be a result of ongoing industry-wide, identity-based attacks with the intent to obtain customer data. Research indicates that these types of attacks are performed with the customers’ user credentials that were exposed through unrelated cyber threat activity. Although, it is believed this activity is not caused by any vulnerability, misconfiguration, or malicious activity within the Snowflake product. Throughout the course of our ongoing investigation, we have promptly informed the limited number of customers who we believe may have been impacted.

What is vulnerable?

• Snowflake customers’ accounts

Recommendation

The WA SOC recommends users and administrators to follow Snowflakes following recommendations to query and hunt for any malicious activity and conduct further analysis to prevent unauthorized user access.

• Detecting and Preventing Unauthorized User Access: Instructions
• ASD ACSC Mitigation Guides