Weekly intelligence Jun 19 – Jun 25, 2023 13 min read

Infostealers Weekly Report: 2023-06-19 – 2023-06-25

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 213

Infections by country

Top 25 countries

#1 Brazil 9,469
#2 India 7,141
#3 Colombia 5,466
#4 Egypt 5,462
#5 Mexico 4,001
#6 Indonesia 3,800
#7 Vietnam 3,724
#8 Peru 3,668
#9 Argentina 3,452
#10 Algeria 3,266
#11 Philippines 3,155
#12 United States of America 3,053
#13 Turkey 3,052
#14 Morocco 3,009
#15 Italy 2,846
#16 Thailand 2,836
#17 Spain 2,646
#18 Pakistan 2,528
#19 Germany 2,261
#20 Ecuador 2,048
#21 France 1,989
#22 Bangladesh 1,713
#23 Chile 1,605
#24 Poland 1,541
#25 Saudi Arabia 1,504

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 50,176 users
#2 facebook.com 45,364 users
#3 live.com 41,800 users
#4 instagram.com 21,602 users
#5 com.facebook.katana 20,504 users
#6 netflix.com 20,273 users
#7 discord.com 18,875 users
#8 roblox.com 16,484 users
#9 amazon.com 16,062 users
#10 twitter.com 14,812 users
#11 com.instagram.android 14,312 users
#12 microsoftonline.com 13,772 users
#13 steampowered.com 13,442 users
#14 com.netflix.mediaclient 13,165 users
#15 paypal.com 12,745 users
#16 twitch.tv 10,727 users
#17 linkedin.com 10,430 users
#18 spotify.com 9,947 users
#19 riotgames.com 9,912 users
#20 mega.nz 9,899 users
#21 epicgames.com 9,830 users
#22 apple.com 9,827 users
#23 zoom.us 8,962 users
#24 com.spotify.music 8,738 users
#25 com.roblox.client 8,616 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 icicibank.com 255 employees
#2 wp.pl 234 employees
#3 aruba.it 207 employees
#4 tim.it 191 employees
#5 hostinger.com 190 employees
#6 rediff.com 163 employees
#7 secop.gov.co 160 employees
#8 pec.it 137 employees
#9 utp.edu.pe 128 employees
#10 laureate.net 115 employees
#11 abv.bg 104 employees
#12 freemail.hu 103 employees
#13 qq.com 102 employees
#14 163.com 96 employees
#15 sapo.pt 89 employees
#16 buenosaires.gob.ar 86 employees
#17 o2.pl 84 employees
#18 sempreser.com.br 83 employees
#19 netpnb.com 82 employees
#20 interia.pl 81 employees
#21 fmod.dev 74 employees
#22 skole.hr 74 employees
#23 banquemisr.com 73 employees
#24 telecom.pt 73 employees
#25 jwpub.org 68 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 rockwellautomation.com 53 employees
#2 microsoft.com 53 employees
#3 oracle.com 15 employees
#4 netflix.com 14 employees
#5 cognizant.com 8 employees
#6 ibm.com 7 employees
#7 apple.com 5 employees
#8 hp.com 4 employees
#9 cisco.com 4 employees
#10 amazon.com 3 employees
#11 jacobs.com 3 employees
#12 frontier.com 2 employees
#13 publix.com 2 employees
#14 ch2m.com 2 employees
#15 aa.com 2 employees
#16 harman.com 2 employees
#17 fisglobal.com 2 employees
#18 jpmorganchase.com 2 employees
#19 honeywell.com 2 employees
#20 cablevision.com 2 employees

Compromised users

#1 google.com 50,176 users
#2 facebook.com 45,364 users
#3 netflix.com 20,273 users
#4 amazon.com 16,062 users
#5 paypal.com 12,745 users
#6 apple.com 9,827 users
#7 ebay.com 2,295 users
#8 oracle.com 1,594 users
#9 microsoft.com 1,591 users
#10 hp.com 1,424 users
#11 nike.com 1,371 users
#12 cisco.com 1,340 users
#13 ibm.com 564 users
#14 ups.com 556 users
#15 walmart.com 479 users
#16 westernunion.com 414 users
#17 intel.com 336 users
#18 fedex.com 245 users
#19 adp.com 212 users
#20 salesforce.com 206 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 167,660hits
#2 sso 46,453hits
#3 zoom 19,751hits
#4 github 7,343hits
#5 webmail 6,724hits
#6 adfs 6,375hits
#7 oracle 3,272hits
#8 sap 2,823hits
#9 zendesk 2,446hits
#10 owa 2,307hits
#11 vpn 1,976hits
#12 ping 1,948hits
#13 cpanel 1,728hits
#14 sts 1,683hits
#15 webex 1,448hits
#16 extranet 1,233hits
#17 kaspersky 1,058hits
#18 ftp 970hits
#19 imap 902hits
#20 salesforce 793hits
#21 st 775hits
#22 okta 709hits
#23 roundcube 665hits
#24 gitlab 381hits
#25 twilio 348hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

9K machines
2K users
125K domains

View report →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →