Skip to content
Techzine Europe
  • Home
  • Topstories
  • Topics
    • Analytics
    • Applications
    • Collaboration
    • Data Management
    • Devices
    • Devops
    • Infrastructure
    • Privacy & Compliance
    • Security
  • Insights
    • All Insights
    • Agentic AI
    • Analytics
    • Cloud ERP
    • Generative AI
    • IT in Retail
    • NIS2
    • RSAC 2025 Conference
    • Security Platforms
    • SentinelOne
  • More
    • Become a partner
    • About us
    • Contact us
    • Terms and conditions
    • Privacy Policy
  • Techzine Europe
  • Techzine Netherlands
Techzine News Security Hackers sell data center login credentials of large multinationals
3 min Security

Hackers sell data center login credentials of large multinationals

Sander AlmekindersFebruary 21, 2023 3:04 pmFebruary 21, 2023
Hackers sell data center login credentials of large multinationals

Cybercriminals put stolen login data from large companies up for sale in late January. The data came from a number of the companies’ Asian data centers.

This was discovered by security specialist Resecurity in an investigation ongoing since September 2021. According to the investigation, several data center providers, cloud service providers and MSPs in Asia have been affected by a sustained cyber attack. The cybercriminals, originating from China and some other Asian countries, set out to steal login credentials and other sensitive data from (large) customers.

Bloomberg writes that the affected data center providers are Shanghai-based GDS Holdings and Singapore-based ST Telemedia Global Datacenters. Companies from which login credentials and data were allegedly stolen include Alibaba, Amazon, Apple, BMW, Goldman Sachs, Huawei, Microsoft and Walmart.

Multi-year attacks

The attacks have a long evolution, Resecurity’s security experts discovered. The first malicious cyber activities were spotted in September 2021. During this first attack, the cybercriminals managed to get their hands on a list of CCTV cameras, followed by login credentials of operational employees of the data centers themselves and employees of customers operating in the data centers. In addition, they got their hands on data about services purchased and equipment deployed. In addition, they showed interest is the availability of a “remote hands service (RHS) that allows customers to remotely manage their servers in the data center and troubleshoot problems before that.

In the second wave of attacks, carried out throughout 2022, the cybercriminals again managed to steal a customer database with more than a thousand records at a Singapore data center company. This attack, however, was detected and eventually repelled.

The third and, for now, final episode of this attack occurred recently. Investigators discovered that the cybercriminals put the stolen login credentials and other data of major customers of the affected data center companies up for sale on the dark web. More specifically, this involves the RAMP platform that is mostly used by Initial Access Brokers (IABs) and ransomware criminals.

Also read: European companies plan to increase IT security budget over next three years

Impact unknown

The researchers say they cannot estimate the impact of this large-scale theft of login credentials and other data. By going public now about these attacks on the aforementioned data center providers, they hope to mitigate any impact, but also to create more awareness of this type of attack. Meanwhile, in addition to the affected companies, several CERTs of the affected countries have also been informed about the attack.

Tags:

data centers / hack / login credentials / multinational companies

"*" indicates required fields

Stay tuned, subscribe!

Nieuwsbrieven*
This field is for validation purposes and should be left unchanged.

Related

Arm chips in data centers: 70,000 customers, 14x growth since 2021

CoreWeave acquires Core Scientific for $9 billion in AI data center race

Cloud sector wants EU not to restrict water supply to data centers

Data breach involving 16 billion credentials is not what it seems

Editor picks

What we know about SafePay, the Ingram Micro attackers

It sounds like a banking app, but instead, it's one of the latest ran...

Zscaler Cellular brings Zero Trust to IoT and OT devices

In August, Zscaler will launch a cellular solution that brings Zero T...

Amazon S3: almost 20 years old, but still very modern

From backup vault to foundational layer

Domain-specific AI beats general models in business applications

Visma’s AI team is quietly redefining document processing across Eu...

Insight: Data Fabrics

New Alteryx release tears down walls between cloud services and datasets

Data company Alteryx aims to give companies more control over their d...

Wikidata unlocks its own knowledge base by vectorizing its data

Initiative for the benefit of open-source AI models

Pure offers storage for AI and AI for storage

Pure offers storage for AI and AI for storage

"AI is very complicated in enterprise environments," stated Pure Stor...

With Fabric, Microsoft aims for biggest launch since SQL Server

With Fabric, Microsoft aims for biggest launch since SQL Server

Microsoft CEO Satya Nadella describes Fabric as perhaps the biggest l...

Read more on Security

Conscia’s largest acquisition ever: Open Line to be taken over

Conscia’s largest acquisition ever: Open Line to be taken over

Dutch IT service provider Conscia has announced the acquisition of Open Line, a specialist in managed cloud s...

Erik van Klinken 13 minutes ago
Ingram Micro slowly gets back on its feet after ransomware attack

Ingram Micro slowly gets back on its feet after ransomware attack

Ingram Micro is gradually reactivating customer ordering after containing its ransomware attack. The IT distr...

Erik van Klinken 2 days ago
Patch Tuesday: Microsoft closes 137 vulnerabilities, no zero-days

Patch Tuesday: Microsoft closes 137 vulnerabilities, no zero-days

During the monthly Patch Tuesday in July 2025, Microsoft released security updates for a total of 137 vulnera...

Mels Dees 2 days ago
KnowBe4 evolves from security training to human risk management
Top story

KnowBe4 evolves from security training to human risk management

Security awareness training has come a long way from its origins as a compliance checkbox. Today, it’s evol...

Berry Zwets 31 minutes ago

Whitepapers

Experience Synology’s latest enterprise backup solution

Experience Synology’s latest enterprise backup solution

How do you ensure your company data is both secure and quickly recove...

How to choose the right Enterprise Linux platform?

How to choose the right Enterprise Linux platform?

"A Buyer's Guide to Enterprise Linux" comprehensively analyzes the mo...

Enhance your data protection strategy for 2025

The Data Protection Guide 2025 explores the essential strategies and...

Strengthen your cybersecurity with DNS best practices

The white paper "DNS Best Practices" by Infoblox presents essential g...

Tech calendar

Krijg Volledig Inzicht van Gebruiker tot Cloud met Cisco ThousandEyes

July 15, 2025

GITEX DIGI_HEALTH 5.0 - Thailand

September 10, 2025 BITEC Bangkok, Thailand

IT Arena

September 26, 2025 Lviv, Ukraine

Innovation Week 2025

October 9, 2025 Prague

Luxembourg Venture Days

October 22, 2025 Luxembourg

Appdevcon

March 10, 2026 Amsterdam

Techzine Global

Techzine focusses on IT professionals and business decision makers by publishing the latest IT news and background stories. The goal is to help IT professionals get acquainted with new innovative products and services, but also to offer in-depth information to help them understand products and services better.

Follow us

Twitter
LinkedIn
YouTube

© 2025 Dolphin Publications B.V.
All rights reserved.

Techzine Service

  • Become a partner
  • Advertising
  • About Us
  • Contact
  • Terms & Conditions
  • Privacy Statement