Weekly intelligence Aug 7 – Aug 13, 2023 11 min read

Infostealers Weekly Report: 2023-08-07 – 2023-08-13

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 180

Infections by country

Top 25 countries

#1 Brazil 8,116
#2 Pakistan 4,495
#3 Philippines 4,489
#4 Vietnam 3,674
#5 United States of America 3,387
#6 Mexico 3,192
#7 Turkey 3,183
#8 Indonesia 3,058
#9 India 2,980
#10 Colombia 2,971
#11 Thailand 2,914
#12 Egypt 2,781
#13 Peru 2,715
#14 Bangladesh 2,054
#15 Algeria 1,967
#16 Spain 1,850
#17 Morocco 1,811
#18 Poland 1,724
#19 Argentina 1,626
#20 Germany 1,604
#21 Sri Lanka 1,410
#22 Malaysia 1,216
#23 Chile 1,085
#24 Myanmar (Burma) 1,078
#25 Nigeria 1,023

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 33,638 users
#2 facebook.com 30,271 users
#3 live.com 28,179 users
#4 discord.com 14,128 users
#5 instagram.com 13,495 users
#6 com.facebook.katana 13,419 users
#7 roblox.com 13,265 users
#8 netflix.com 12,873 users
#9 steampowered.com 10,049 users
#10 amazon.com 9,594 users
#11 twitter.com 9,477 users
#12 com.netflix.mediaclient 8,509 users
#13 com.instagram.android 8,424 users
#14 paypal.com 8,300 users
#15 microsoftonline.com 7,930 users
#16 mega.nz 7,484 users
#17 riotgames.com 7,407 users
#18 twitch.tv 7,393 users
#19 apple.com 7,034 users
#20 epicgames.com 6,889 users
#21 spotify.com 6,619 users
#22 linkedin.com 6,477 users
#23 com.roblox.client 5,980 users
#24 steamcommunity.com 5,752 users
#25 com.discord 5,479 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 wp.pl 195 employees
#2 163.com 123 employees
#3 qq.com 107 employees
#4 freemail.hu 92 employees
#5 tim.it 82 employees
#6 sempreser.com.br 81 employees
#7 o2.pl 78 employees
#8 hostinger.com 77 employees
#9 secureserver.net 75 employees
#10 fmod.dev 73 employees
#11 onet.pl 69 employees
#12 hostgator.com.br 69 employees
#13 aruba.it 67 employees
#14 rediff.com 66 employees
#15 login.sp.gov.br 59 employees
#16 jwpub.org 59 employees
#17 abv.bg 58 employees
#18 laureate.net 56 employees
#19 secop.gov.co 56 employees
#20 icicibank.com 56 employees
#21 ig.com.br 55 employees
#22 bcb.gov.br 54 employees
#23 utp.edu.pe 49 employees
#24 sapo.pt 49 employees
#25 rockwellautomation.com 48 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 rockwellautomation.com 48 employees
#2 microsoft.com 28 employees
#3 firstam.com 15 employees
#4 facebook.com 8 employees
#5 publix.com 6 employees
#6 netflix.com 5 employees
#7 gm.com 4 employees
#8 cognizant.com 4 employees
#9 ups.com 3 employees
#10 interpublic.com 3 employees
#11 oracle.com 2 employees
#12 twc.com 2 employees
#13 ibm.com 2 employees
#14 salesforce.com 2 employees
#15 stryker.com 2 employees
#16 hp.com 1 employees

Compromised users

#1 google.com 33,638 users
#2 facebook.com 30,271 users
#3 netflix.com 12,873 users
#4 amazon.com 9,594 users
#5 paypal.com 8,300 users
#6 apple.com 7,034 users
#7 ebay.com 1,555 users
#8 oracle.com 1,083 users
#9 microsoft.com 1,062 users
#10 hp.com 897 users
#11 cisco.com 805 users
#12 nike.com 690 users
#13 walmart.com 282 users
#14 ups.com 264 users
#15 ibm.com 256 users
#16 intel.com 221 users
#17 westernunion.com 215 users
#18 bestbuy.com 145 users
#19 fedex.com 138 users
#20 adp.com 123 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 111,858hits
#2 sso 31,353hits
#3 zoom 10,760hits
#4 webmail 5,635hits
#5 github 5,289hits
#6 adfs 3,214hits
#7 owa 2,174hits
#8 oracle 2,115hits
#9 sap 1,847hits
#10 zendesk 1,502hits
#11 webex 1,500hits
#12 ping 1,354hits
#13 cpanel 979hits
#14 vpn 971hits
#15 sts 925hits
#16 kaspersky 888hits
#17 extranet 770hits
#18 ftp 647hits
#19 roundcube 546hits
#20 st 451hits
#21 okta 353hits
#22 twilio 217hits
#23 gitlab 167hits
#24 salesforce 146hits
#25 sharepoint 127hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

9K machines
2K users
125K domains

View report →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →