TTPwire Vol. 1 · MITRE ATT&CK-tagged


Infosecurity Magazine

Threat Actor Exploits Flaws and Uses Elastic Cloud SIEM to Manage Stolen Data

2026-03-09

ATT&CK techniques detected (5 predictions)

T1580 Cloud Infrastructure Discovery (47%)
Evidence excerpt: "Hosts across 34 Active Directory domains. The majority of compromised machines were servers, most commonly running Windows Server 2019 or 2022. Victims appeared across numerous sectors, including: government organisations; universities and educational institutions; financial…"

T1586.002 Email Accounts (45%)
Evidence excerpt: "Index named "systeminfo". Researchers said the tactic allowed the operator to triage victims and prioritise targets using SIEM tools designed for defensive security monitoring. The Elastic Cloud deployment was created on January 28, 2026, and remained active for several days. T…"

T1567.001 Exfiltration to Code Repository (40%)
Evidence excerpt: "Threat Actor Exploits Flaws and Uses Elastic Cloud SIEM to Manage Stolen Data. A campaign exploiting multiple software vulnerabilities to steal system data and store it in a cloud-based security platform has been uncovered by cybersecurity researchers. Investigators found that a…"

T1526 Cloud Service Discovery (38%)
Evidence excerpt: "Hosts across 34 Active Directory domains. The majority of compromised machines were servers, most commonly running Windows Server 2019 or 2022. Victims appeared across numerous sectors, including: government organisations; universities and educational institutions; financial…"

T1213 Data from Information Repositories (32%)
Evidence excerpt: "Threat Actor Exploits Flaws and Uses Elastic Cloud SIEM to Manage Stolen Data. A campaign exploiting multiple software vulnerabilities to steal system data and store it in a cloud-based security platform has been uncovered by cybersecurity researchers. Investigators found that a…"

Summary

Huntress researchers uncover campaign exploiting vulnerabilities to steal data using Elastic Cloud as a data hub