Weekly intelligence May 15 – May 21, 2023 12 min read

Infostealers Weekly Report: 2023-05-15 – 2023-05-21

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 197

Infections by country

Top 25 countries

#1 Brazil 8,707
#2 Vietnam 6,211
#3 Egypt 5,454
#4 Peru 3,117
#5 Mexico 3,065
#6 India 2,899
#7 Colombia 2,843
#8 Philippines 2,819
#9 Argentina 2,561
#10 Pakistan 2,173
#11 Algeria 1,945
#12 Turkey 1,858
#13 Thailand 1,740
#14 Spain 1,609
#15 United States of America 1,473
#16 Morocco 1,328
#17 Bangladesh 1,287
#18 Venezuela 1,113
#19 Chile 1,100
#20 Germany 1,091
#21 Bolivia 1,010
#22 Italy 993
#23 France 916
#24 Indonesia 888
#25 Saudi Arabia 846

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 33,390 users
#2 facebook.com 31,081 users
#3 live.com 28,371 users
#4 discord.com 15,257 users
#5 instagram.com 14,222 users
#6 roblox.com 13,756 users
#7 com.facebook.katana 13,498 users
#8 netflix.com 13,472 users
#9 steampowered.com 10,858 users
#10 amazon.com 10,393 users
#11 twitter.com 10,385 users
#12 com.netflix.mediaclient 9,119 users
#13 com.instagram.android 8,904 users
#14 microsoftonline.com 8,805 users
#15 riotgames.com 8,751 users
#16 paypal.com 8,567 users
#17 mega.nz 8,398 users
#18 twitch.tv 8,309 users
#19 epicgames.com 7,168 users
#20 spotify.com 7,103 users
#21 linkedin.com 6,935 users
#22 apple.com 6,646 users
#23 com.discord 6,483 users
#24 com.roblox.client 6,412 users
#25 steamcommunity.com 6,177 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 163.com 134 employees
#2 wp.pl 134 employees
#3 hostinger.com 108 employees
#4 sempreser.com.br 105 employees
#5 utp.edu.pe 104 employees
#6 laureate.net 100 employees
#7 qq.com 76 employees
#8 secop.gov.co 72 employees
#9 aruba.it 72 employees
#10 icicibank.com 71 employees
#11 bcb.gov.br 70 employees
#12 ig.com.br 69 employees
#13 login.sp.gov.br 68 employees
#14 pec.it 62 employees
#15 tim.it 58 employees
#16 upc.edu.pe 56 employees
#17 freemail.hu 52 employees
#18 abv.bg 51 employees
#19 mans.edu.eg 49 employees
#20 secureserver.net 49 employees
#21 buenosaires.gob.ar 48 employees
#22 inacap.cl 43 employees
#23 mail.tm 42 employees
#24 rediff.com 42 employees
#25 aiou.edu.pk 41 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 rockwellautomation.com 31 employees
#2 microsoft.com 21 employees
#3 hp.com 8 employees
#4 cognizant.com 6 employees
#5 apple.com 6 employees
#6 paypal.com 5 employees
#7 att.com 5 employees
#8 gm.com 4 employees
#9 netflix.com 3 employees
#10 facebook.com 3 employees
#11 cablevision.com 3 employees
#12 adp.com 2 employees
#13 aig.com 2 employees
#14 ncr.com 2 employees
#15 elcompanies.com 2 employees
#16 publix.com 2 employees
#17 chsinc.com 2 employees
#18 google.com 1 employees
#19 harman.com 1 employees
#20 insight.com 1 employees

Compromised users

#1 google.com 33,390 users
#2 facebook.com 31,081 users
#3 netflix.com 13,472 users
#4 amazon.com 10,393 users
#5 paypal.com 8,567 users
#6 apple.com 6,646 users
#7 ebay.com 1,317 users
#8 oracle.com 1,119 users
#9 microsoft.com 983 users
#10 cisco.com 920 users
#11 hp.com 857 users
#12 nike.com 782 users
#13 ibm.com 323 users
#14 walmart.com 276 users
#15 ups.com 239 users
#16 intel.com 200 users
#17 westernunion.com 167 users
#18 fedex.com 161 users
#19 adp.com 103 users
#20 americanexpress.com 103 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 114,390hits
#2 sso 32,901hits
#3 zoom 12,347hits
#4 github 4,969hits
#5 webmail 4,233hits
#6 adfs 3,422hits
#7 oracle 2,190hits
#8 sap 1,752hits
#9 zendesk 1,570hits
#10 owa 1,324hits
#11 sts 1,173hits
#12 vpn 1,133hits
#13 cpanel 1,089hits
#14 ping 1,086hits
#15 webex 897hits
#16 kaspersky 866hits
#17 extranet 859hits
#18 ftp 722hits
#19 st 511hits
#20 roundcube 476hits
#21 okta 378hits
#22 gitlab 230hits
#23 salesforce 218hits
#24 twilio 192hits
#25 imap 175hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

9K machines
2K users
125K domains

View report →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →