TXT files often contain sensitive information such as passwords, configuration details, or system logs, which makes them attractive to hackers.
Text files are also commonly used to store plaintext data, which makes them easy targets for hackers looking to exfiltrate sensitive data.
In addition, hackers use TXT files to disguise malicious code or instructions, exploiting users who unknowingly execute them.
In September 2023, cybersecurity researchers at iZOOlogic identified a new threat group and named it “Nusa Cloud.” What is alarming is that this group primarily focuses on distributing users’ hacked passwords for free, which poses a great danger to online security.
Notorious Nusa Cloud Exposing TXT Files
Nusa Cloud is a newly established group of threat actors that is still anonymous on Telegram.
However, researchers uncovered their large-scale operation of sharing compromised user credentials through very large TXT files, ranging from 700MB to 3GB.
Hunting for credentials all over the underground scene, Nusa Cloud groups them into nation-specific files showing a wide range of victims across different regions and sectors.
The magnitude and complexity of their undertakings distinguish them as a major threat to online security.
Individuals, companies, and organizations have all been affected by Nusa Cloud’s malicious credential leaks, which underscores the importance of proactive cybersecurity.
This crew often deletes its Telegram group to avoid detection, but it is not clear why. Due to the huge threat posed by Nusa Cloud, researchers are still watching its moves closely.
Nusa Cloud is primarily concerned with sharing stolen data for free instead of following the traditional ways cybercriminals monetize their thefts.
The reason for this strange behavior is not known, but it could be that by doing so, they want to get more visibility and interaction from within the cybercrime world.
By September 2023, researchers had recovered 1,051 combo list files from Nusa Cloud, containing a staggering 2 billion compromised credentials.
On April 25, 2024, the Nusa Cloud channel closed down, a sign of progress in dealing with its threat.
However, innovative technologies and cooperation remain very important for untangling the complexities of these kinds of cyber threats and for strengthening resilience against emerging types of online offenses.
To win this war, it is important to always cooperate and stay alert.