Infostealers Weekly Report: 2023-05-08 – 2023-05-14
InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…
Threat Geography
Where infections came from
Compromised machines distributed by country of infection — hover any region to inspect.
Top 25 countries
- #1 Brazil 8,775
- #2 Vietnam 5,519
- #3 Egypt 5,192
- #4 India 4,570
- #5 Mexico 3,004
- #6 Indonesia 2,985
- #7 United States of America 2,785
- #8 Peru 2,679
- #9 Colombia 2,525
- #10 Philippines 2,265
- #11 Spain 2,107
- #12 Pakistan 1,897
- #13 Argentina 1,855
- #14 Algeria 1,796
- #15 Thailand 1,787
- #16 Turkey 1,633
- #17 Italy 1,421
- #18 Germany 1,419
- #19 France 1,386
- #20 Morocco 1,375
- #21 Bangladesh 1,208
- #22 Netherlands 1,046
- #23 Iraq 1,026
- #24 Poland 974
- #25 Malaysia 956
Top Compromised Domains
Where users had active sessions
Domains where infected users had active sessions and saved credentials at the time of infection.
-
#1
google.com 39,411 users
-
#2
facebook.com 35,683 users
-
#3
live.com 33,375 users
-
#4
discord.com 17,273 users
-
#5
instagram.com 17,247 users
-
#6
netflix.com 16,035 users
-
#7
com.facebook.katana 15,701 users
-
#8
roblox.com 14,344 users
-
#9
amazon.com 13,622 users
-
#10
twitter.com 13,209 users
-
#11
steampowered.com 12,530 users
-
#12
paypal.com 11,850 users
-
#13
com.instagram.android 10,898 users
-
#14
microsoftonline.com 10,625 users
-
#15
twitch.tv 10,475 users
-
#16
com.netflix.mediaclient 10,450 users
-
#17
riotgames.com 10,151 users
-
#18
mega.nz 9,700 users
-
#19
linkedin.com 9,288 users
-
#20
apple.com 9,094 users
-
#21
spotify.com 8,991 users
-
#22
epicgames.com 8,967 users
-
#23
steamcommunity.com 7,600 users
-
#24
com.discord 7,180 users
-
#25
zoom.us 6,998 users
Top Compromised Corporate Domains
Employees caught in the logs
Domains where compromised users were employees, surfaced via business email and credentials.
-
#1
hostinger.com 173 employees
-
#2
aruba.it 166 employees
-
#3
wp.pl 161 employees
-
#4
163.com 139 employees
-
#5
tim.it 109 employees
-
#6
pec.it 109 employees
-
#7
icicibank.com 107 employees
-
#8
qq.com 95 employees
-
#9
bcb.gov.br 94 employees
-
#10
freemail.hu 91 employees
-
#11
secop.gov.co 86 employees
-
#12
rediff.com 76 employees
-
#13
sempreser.com.br 71 employees
-
#14
laureate.net 66 employees
-
#15
telecom.pt 62 employees
-
#16
interia.pl 61 employees
-
#17
login.sp.gov.br 61 employees
-
#18
banquemisr.com 60 employees
-
#19
upc.edu.pe 57 employees
-
#20
secureserver.net 53 employees
-
#21
uol.com.br 52 employees
-
#22
bluehost.com 52 employees
-
#23
utp.edu.pe 51 employees
-
#24
o2.pl 51 employees
-
#25
hostgator.com.br 50 employees
Fortune 500 Exposure
Top S&P companies hit this week
Top S&P companies with compromised employees and customers detected this week.
Compromised employees
-
#1
rockwellautomation.com 28 employees
-
#2
microsoft.com 17 employees
-
#3
ibm.com 10 employees
-
#4
-
#5
ups.com 9 employees
-
#6
ebay.com 8 employees
-
#7
cognizant.com 7 employees
-
#8
pepsico.com 6 employees
-
#9
-
#10
aecom.com 5 employees
-
#11
-
#12
att.com 4 employees
-
#13
publix.com 4 employees
-
#14
-
#15
cisco.com 3 employees
-
#16
ford.com 3 employees
-
#17
oracle.com 3 employees
-
#18
costco.com 3 employees
-
#19
navistar.com 3 employees
-
#20
Compromised users
-
#1
-
#2
-
#3
-
#4
-
#5
-
#6
-
#7
-
#8
-
#9
-
#10
hp.com 1,309 users
-
#11
-
#12
nike.com 1,171 users
-
#13
walmart.com 551 users
-
#14
-
#15
-
#16
intel.com 322 users
-
#17
westernunion.com 307 users
-
#18
bestbuy.com 273 users
-
#19
adp.com 257 users
-
#20
fedex.com 244 users
Targeted Application Keywords
What attackers grep for
The most common application keywords seen across credential logs — auth, sso, vpn, and more.
- #1 auth 159,968hits
- #2 sso 41,909hits
- #3 zoom 15,364hits
- #4 github 7,155hits
- #5 webmail 6,842hits
- #6 adfs 4,936hits
- #7 oracle 2,889hits
- #8 sap 2,362hits
- #9 zendesk 2,332hits
- #10 owa 1,874hits
- #11 ping 1,634hits
- #12 cpanel 1,578hits
- #13 vpn 1,547hits
- #14 sts 1,367hits
- #15 webex 1,343hits
- #16 extranet 1,173hits
- #17 kaspersky 1,062hits
- #18 ftp 857hits
- #19 salesforce 791hits
- #20 st 771hits
- #21 roundcube 750hits
- #22 imap 685hits
- #23 okta 681hits
- #24 gitlab 477hits
- #25 twilio 328hits
Cavalier · Continuous monitoring
Get this depth of insight on your own organization.
Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.
More reports
Previous weekly briefings
Infostealers Weekly Report: 2026-06-08 – 2026-06-15
- 9K machines
- 2K users
- 125K domains
Infostealers Weekly Report: 2026-06-01 – 2026-06-08
- 16K machines
- 2K users
- 273K domains
Infostealers Weekly Report: 2026-05-25 – 2026-06-01
- 18K machines
- 4K users
- 259K domains