Massive Leak Exposes Credentials for Thousands of Sensitive Networks
Attackers used a 45-GPU cluster to crack SSL VPN authentication hashes, gaining access to thousands of sensitive networks worldwide, including a Turkish NATO defense contractor.

A massive data breach has exposed credentials for thousands of sensitive networks after attackers employed a 45-GPU cluster managed via Hashtopolis to intercept and crack SSL VPN authentication hashes. According to cybersecurity firm Hudson Rock, the attackers then used the cracked passwords to move laterally within networks, compromising Active Directory environments and other centralized authentication systems.
The attack affected organizations in Japan, Taiwan, Vietnam, Iraq, and Turkey. Most alarmingly, a Turkish NATO defense contractor had classified documents exfiltrated. Researcher Bob Diachenko noted, "The scale is the sophistication."
The attackers employed a feedback-driven, 12-level recursive cracking system. Successful guesses were fed back as seeds to generate more candidates, with custom dictionaries containing up to eight words, keyboard patterns, and cracking rules. Despite this innovation, the attackers made an amateur operational security mistake by leaving artifacts on the server they used.
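From the defender's side, the candidate classes named above (multi-word dictionary combinations, keyboard patterns, and rule-based variations) can be screened for when a password is set. The sketch below is an added example, not code from the article or from Hudson Rock. The wordlist, the function names, and the reading of "up to eight words" as a cap on words per candidate are assumptions.

```python
import re

# Constructed sample wordlist (assumption): a real screen would load a large
# dictionary plus organisation-specific terms such as product and site names.
WORDS = {"summer", "winter", "welcome", "vpn", "admin", "firewall"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Undo common character substitutions before the dictionary lookup.
LEET = str.maketrans("0134578@$", "oieastbas")

def keyboard_run(s, min_len=4):
    """Longest substring of s that walks along one keyboard row, or ''."""
    rows = KEYBOARD_ROWS + [r[::-1] for r in KEYBOARD_ROWS]
    best = ""
    for i in range(len(s)):
        for j in range(i + min_len, len(s) + 1):
            if j - i > len(best) and any(s[i:j] in r for r in rows):
                best = s[i:j]
    return best

def split_words(s, max_words=8):
    """Dictionary words that exactly tile s (at most max_words), else None."""
    if not s:
        return []
    if max_words == 0:
        return None
    for k in range(len(s), 0, -1):  # prefer the longest matching prefix
        if s[:k] in WORDS:
            rest = split_words(s[k:], max_words - 1)
            if rest is not None:
                return [s[:k]] + rest
    return None

def screen(password):
    """Reasons the password belongs to a guessable class; [] if none found."""
    reasons = []
    low = password.lower()
    run = keyboard_run(low)
    if run:
        reasons.append(f"keyboard pattern '{run}'")
    # Reverse two typical mangling rules: appended digits/symbols, substitutions.
    core = re.sub(r"[\d\W_]+$", "", low).translate(LEET)
    words = split_words(core)
    if words:
        reasons.append("dictionary words " + "+".join(words))
    return reasons

if __name__ == "__main__":
    for pw in ["Summer2024!", "W3lc0meVPN#1", "qwerty123", "kT9#vLq2Zp!x"]:
        print(pw, "->", screen(pw) or "no guessable class matched")
```

An empty result only means none of these three classes matched; it is not a strength score.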
Top countries for compromised devices included India, the US, Taiwan, Mexico, Turkey, and Thailand. Affected industries ranged from IT services and construction materials to telecommunications, construction and engineering, industrial equipment, and financial services. The database also listed major companies such as Foxconn, Samsung, Comcast, Siemens, PwC, and Accenture, along with thousands of other organizations, including government agencies and critical infrastructure providers.
Firewalls have long been a favored entry point for hackers, as they accept external connections and sit at the network perimeter with access to internal resources. Given that the data has been available to cybercriminals, the risk remains substantial.


