Skip to content
INFOSTEALERS By HudsonRock
Weekly intelligence May 22 – May 28, 2023 12 min read

Infostealers Weekly Report: 2023-05-22 – 2023-05-28

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines
#2 0 Compromised Employees
#3 0 Compromised Users
#4 0 Compromised Androids
#5 0 Compromised Domains
Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 183
Infections by country

Top 25 countries

  1. #1 Brazil 8,753
  2. #2 Vietnam 7,406
  3. #3 Egypt 5,323
  4. #4 Philippines 3,780
  5. #5 Mexico 3,738
  6. #6 Peru 3,730
  7. #7 Colombia 3,371
  8. #8 Pakistan 2,869
  9. #9 Argentina 2,621
  10. #10 Algeria 2,246
  11. #11 United States of America 2,052
  12. #12 Thailand 2,034
  13. #13 Turkey 1,884
  14. #14 India 1,686
  15. #15 Morocco 1,585
  16. #16 Bangladesh 1,546
  17. #17 Spain 1,502
  18. #18 Venezuela 1,187
  19. #19 Germany 1,069
  20. #20 Indonesia 1,067
  21. #21 Ecuador 905
  22. #22 Chile 844
  23. #23 Malaysia 835
  24. #24 Bolivia 832
  25. #25 Poland 825

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25
  1. #1 google.com 33,262 users
  2. #2 facebook.com 31,755 users
  3. #3 live.com 28,322 users
  4. #4 discord.com 14,653 users
  5. #5 com.facebook.katana 14,549 users
  6. #6 roblox.com 14,467 users
  7. #7 instagram.com 14,206 users
  8. #8 netflix.com 13,394 users
  9. #9 steampowered.com 10,294 users
  10. #10 twitter.com 10,079 users
  11. #11 amazon.com 9,994 users
  12. #12 com.netflix.mediaclient 9,104 users
  13. #13 com.instagram.android 8,786 users
  14. #14 microsoftonline.com 8,633 users
  15. #15 riotgames.com 8,374 users
  16. #16 mega.nz 8,158 users
  17. #17 paypal.com 8,115 users
  18. #18 twitch.tv 8,025 users
  19. #19 epicgames.com 6,813 users
  20. #20 com.roblox.client 6,794 users
  21. #21 apple.com 6,394 users
  22. #22 com.discord 6,340 users
  23. #23 linkedin.com 6,320 users
  24. #24 spotify.com 6,271 users
  25. #25 zoom.us 5,812 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25
  1. #1 wp.pl 99 employees
  2. #2 sempreser.com.br 94 employees
  3. #3 laureate.net 91 employees
  4. #4 secop.gov.co 88 employees
  5. #5 utp.edu.pe 80 employees
  6. #6 banquemisr.com 80 employees
  7. #7 aruba.it 78 employees
  8. #8 163.com 74 employees
  9. #9 hostinger.com 68 employees
  10. #10 buenosaires.gob.ar 67 employees
  11. #11 pronabec.edu.pe 66 employees
  12. #12 qq.com 64 employees
  13. #13 ig.com.br 64 employees
  14. #14 bcb.gov.br 57 employees
  15. #15 tim.it 56 employees
  16. #16 globo.com 50 employees
  17. #17 rockwellautomation.com 49 employees
  18. #18 deped.gov.ph 47 employees
  19. #19 login.sp.gov.br 46 employees
  20. #20 freemail.hu 45 employees
  21. #21 bluehost.com 42 employees
  22. #22 aiou.edu.pk 39 employees
  23. #23 icicibank.com 38 employees
  24. #24 inacap.cl 38 employees
  25. #25 interia.pl 37 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. #1 rockwellautomation.com 49 employees
  2. #2 microsoft.com 19 employees
  3. #3 apple.com 11 employees
  4. #4 ibm.com 8 employees
  5. #5 cisco.com 5 employees
  6. #6 pg.com 5 employees
  7. #7 pepsico.com 5 employees
  8. #8 oracle.com 4 employees
  9. #9 facebook.com 4 employees
  10. #10 netflix.com 2 employees
  11. #11 publix.com 2 employees
  12. #12 ebay.com 2 employees
  13. #13 cbre.com 2 employees
  14. #14 fanniemae.com 1 employees
  15. #15 nike.com 1 employees
  16. #16 cognizant.com 1 employees
  17. #17 goodyear.com 1 employees
  18. #18 amazon.com 1 employees
  19. #19 ppg.com 1 employees
  20. #20 twc.com 1 employees

Compromised users

  1. #1 google.com 33,262 users
  2. #2 facebook.com 31,755 users
  3. #3 netflix.com 13,394 users
  4. #4 amazon.com 9,994 users
  5. #5 paypal.com 8,115 users
  6. #6 apple.com 6,394 users
  7. #7 ebay.com 1,297 users
  8. #8 oracle.com 954 users
  9. #9 cisco.com 923 users
  10. #10 microsoft.com 898 users
  11. #11 hp.com 829 users
  12. #12 nike.com 733 users
  13. #13 walmart.com 257 users
  14. #14 ibm.com 252 users
  15. #15 westernunion.com 224 users
  16. #16 ups.com 220 users
  17. #17 intel.com 184 users
  18. #18 fedex.com 132 users
  19. #19 salesforce.com 108 users
  20. #20 bestbuy.com 95 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25
  1. #1 auth 120,852hits
  2. #2 sso 32,211hits
  3. #3 zoom 12,443hits
  4. #4 github 4,494hits
  5. #5 webmail 3,439hits
  6. #6 adfs 3,102hits
  7. #7 oracle 1,826hits
  8. #8 zendesk 1,707hits
  9. #9 owa 1,671hits
  10. #10 sap 1,377hits
  11. #11 vpn 1,330hits
  12. #12 ping 1,165hits
  13. #13 kaspersky 831hits
  14. #14 cpanel 820hits
  15. #15 webex 817hits
  16. #16 extranet 724hits
  17. #17 sts 694hits
  18. #18 st 579hits
  19. #19 salesforce 501hits
  20. #20 ftp 485hits
  21. #21 roundcube 390hits
  22. #22 okta 343hits
  23. #23 gitlab 191hits
  24. #24 twilio 181hits
  25. #25 zimbra 133hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →
Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

  • 9K machines
  • 2K users
  • 125K domains
View report →
Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

  • 16K machines
  • 2K users
  • 273K domains
View report →
May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

  • 18K machines
  • 4K users
  • 259K domains
View report →
Free Tools Check your exposure