Weekly intelligence Mar 6 – Mar 12, 2023 12 min read

Infostealers Weekly Report: 2023-03-06 – 2023-03-12

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 194

Infections by country

Top 25 countries

#1 Brazil 4,812
#2 Mexico 2,646
#3 Vietnam 2,331
#4 Egypt 2,105
#5 Philippines 1,926
#6 United States of America 1,857
#7 Colombia 1,852
#8 Turkey 1,758
#9 Peru 1,674
#10 Argentina 1,663
#11 Spain 1,551
#12 Thailand 1,489
#13 India 1,432
#14 Pakistan 1,258
#15 Germany 1,087
#16 Algeria 1,019
#17 Morocco 995
#18 Poland 986
#19 Indonesia 883
#20 Chile 827
#21 France 801
#22 Bangladesh 766
#23 Romania 758
#24 Italy 717
#25 Malaysia 617

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 24,549 users
#2 facebook.com 22,001 users
#3 live.com 21,023 users
#4 discord.com 12,502 users
#5 roblox.com 11,702 users
#6 instagram.com 10,495 users
#7 netflix.com 10,343 users
#8 com.facebook.katana 9,802 users
#9 steampowered.com 8,724 users
#10 amazon.com 8,214 users
#11 twitter.com 7,970 users
#12 twitch.tv 7,619 users
#13 riotgames.com 7,436 users
#14 paypal.com 7,390 users
#15 com.netflix.mediaclient 6,758 users
#16 epicgames.com 6,755 users
#17 com.instagram.android 6,726 users
#18 microsoftonline.com 6,390 users
#19 mega.nz 6,238 users
#20 steamcommunity.com 5,982 users
#21 spotify.com 5,674 users
#22 apple.com 5,352 users
#23 com.roblox.client 5,186 users
#24 com.discord 5,102 users
#25 linkedin.com 4,784 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 wp.pl 138 employees
#2 aruba.it 90 employees
#3 163.com 74 employees
#4 abv.bg 72 employees
#5 hostinger.com 66 employees
#6 secop.gov.co 63 employees
#7 tim.it 59 employees
#8 freemail.hu 51 employees
#9 laureate.net 50 employees
#10 bcb.gov.br 49 employees
#11 qq.com 47 employees
#12 mail.tm 47 employees
#13 cibertec.edu.pe 45 employees
#14 pec.it 44 employees
#15 hostgator.com 43 employees
#16 secureserver.net 42 employees
#17 britanico.edu.pe 39 employees
#18 buenosaires.gob.ar 39 employees
#19 sempreser.com.br 38 employees
#20 onet.pl 37 employees
#21 icicibank.com 36 employees
#22 bluehost.com 34 employees
#23 rockwellautomation.com 33 employees
#24 inacap.cl 33 employees
#25 telecom.pt 33 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 rockwellautomation.com 33 employees
#2 microsoft.com 24 employees
#3 google.com 7 employees
#4 frontier.com 7 employees
#5 amazon.com 4 employees
#6 facebook.com 3 employees
#7 netflix.com 3 employees
#8 oracle.com 3 employees
#9 publix.com 3 employees
#10 twc.com 3 employees
#11 ups.com 2 employees
#12 ge.com 2 employees
#13 ibm.com 2 employees
#14 apple.com 2 employees
#15 pvh.com 1 employees
#16 pepsico.com 1 employees
#17 wm.com 1 employees
#18 hp.com 1 employees
#19 bestbuy.com 1 employees
#20 fedex.com 1 employees

Compromised users

#1 google.com 24,549 users
#2 facebook.com 22,001 users
#3 netflix.com 10,343 users
#4 amazon.com 8,214 users
#5 paypal.com 7,390 users
#6 apple.com 5,352 users
#7 ebay.com 1,260 users
#8 oracle.com 863 users
#9 nike.com 775 users
#10 hp.com 765 users
#11 microsoft.com 686 users
#12 cisco.com 582 users
#13 walmart.com 370 users
#14 intel.com 231 users
#15 ups.com 222 users
#16 westernunion.com 209 users
#17 ibm.com 190 users
#18 bestbuy.com 186 users
#19 target.com 147 users
#20 adp.com 135 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 90,826hits
#2 sso 23,203hits
#3 zoom 8,308hits
#4 github 3,747hits
#5 webmail 2,833hits
#6 adfs 2,771hits
#7 sap 2,030hits
#8 oracle 1,641hits
#9 zendesk 1,285hits
#10 cpanel 1,140hits
#11 owa 1,071hits
#12 vpn 901hits
#13 ping 761hits
#14 sts 741hits
#15 kaspersky 646hits
#16 webex 638hits
#17 extranet 634hits
#18 ftp 489hits
#19 roundcube 447hits
#20 okta 425hits
#21 salesforce 310hits
#22 st 299hits
#23 twilio 164hits
#24 gitlab 128hits
#25 sharepoint 116hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

9K machines
2K users
125K domains

View report →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →