Skip to content
INFOSTEALERS By HudsonRock
Weekly intelligence Apr 17 – Apr 23, 2023 13 min read

Infostealers Weekly Report: 2023-04-17 – 2023-04-23

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines
#2 0 Compromised Employees
#3 0 Compromised Users
#4 0 Compromised Androids
#5 0 Compromised Domains
Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 198
Infections by country

Top 25 countries

  1. #1 Brazil 9,589
  2. #2 Vietnam 7,833
  3. #3 India 5,485
  4. #4 Mexico 5,219
  5. #5 Egypt 4,243
  6. #6 Philippines 3,946
  7. #7 Turkey 3,916
  8. #8 Colombia 3,558
  9. #9 Peru 3,107
  10. #10 Argentina 3,107
  11. #11 Pakistan 2,909
  12. #12 Spain 2,137
  13. #13 Thailand 2,095
  14. #14 Morocco 1,812
  15. #15 United States of America 1,791
  16. #16 Bangladesh 1,678
  17. #17 Algeria 1,674
  18. #18 Chile 1,554
  19. #19 Venezuela 1,462
  20. #20 Italy 1,338
  21. #21 France 1,310
  22. #22 Germany 1,257
  23. #23 Indonesia 1,253
  24. #24 South Korea 1,171
  25. #25 Iraq 1,156

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25
  1. #1 google.com 45,401 users
  2. #2 facebook.com 42,029 users
  3. #3 live.com 39,004 users
  4. #4 netflix.com 19,336 users
  5. #5 discord.com 19,302 users
  6. #6 instagram.com 19,078 users
  7. #7 com.facebook.katana 18,578 users
  8. #8 roblox.com 16,109 users
  9. #9 amazon.com 15,908 users
  10. #10 twitter.com 14,702 users
  11. #11 steampowered.com 14,384 users
  12. #12 com.netflix.mediaclient 12,885 users
  13. #13 paypal.com 12,826 users
  14. #14 microsoftonline.com 12,724 users
  15. #15 com.instagram.android 12,416 users
  16. #16 riotgames.com 11,845 users
  17. #17 twitch.tv 11,822 users
  18. #18 mega.nz 11,624 users
  19. #19 linkedin.com 10,175 users
  20. #20 apple.com 10,000 users
  21. #21 epicgames.com 9,698 users
  22. #22 spotify.com 9,572 users
  23. #23 steamcommunity.com 8,671 users
  24. #24 com.spotify.music 8,640 users
  25. #25 com.discord 8,533 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25
  1. #1 wp.pl 186 employees
  2. #2 icicibank.com 169 employees
  3. #3 hostinger.com 152 employees
  4. #4 aruba.it 131 employees
  5. #5 freemail.hu 128 employees
  6. #6 163.com 122 employees
  7. #7 rediff.com 122 employees
  8. #8 utp.edu.pe 113 employees
  9. #9 pec.it 111 employees
  10. #10 tim.it 109 employees
  11. #11 telecom.pt 88 employees
  12. #12 laureate.net 86 employees
  13. #13 abv.bg 85 employees
  14. #14 secop.gov.co 83 employees
  15. #15 inacap.cl 80 employees
  16. #16 bcb.gov.br 76 employees
  17. #17 login.sp.gov.br 75 employees
  18. #18 qq.com 75 employees
  19. #19 o2.pl 70 employees
  20. #20 rockwellautomation.com 69 employees
  21. #21 sempreser.com.br 69 employees
  22. #22 jwpub.org 67 employees
  23. #23 buenosaires.gob.ar 65 employees
  24. #24 naver.com 65 employees
  25. #25 ig.com.br 64 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

  1. #1 rockwellautomation.com 69 employees
  2. #2 microsoft.com 55 employees
  3. #3 cognizant.com 16 employees
  4. #4 hp.com 9 employees
  5. #5 gm.com 8 employees
  6. #6 apple.com 8 employees
  7. #7 publix.com 7 employees
  8. #8 fedex.com 6 employees
  9. #9 ibm.com 6 employees
  10. #10 honeywell.com 5 employees
  11. #11 netflix.com 4 employees
  12. #12 facebook.com 3 employees
  13. #13 lear.com 3 employees
  14. #14 statefarm.com 3 employees
  15. #15 ge.com 3 employees
  16. #16 aa.com 3 employees
  17. #17 halliburton.com 3 employees
  18. #18 pg.com 3 employees
  19. #19 cisco.com 3 employees
  20. #20 costco.com 2 employees

Compromised users

  1. #1 google.com 45,401 users
  2. #2 facebook.com 42,029 users
  3. #3 netflix.com 19,336 users
  4. #4 amazon.com 15,908 users
  5. #5 paypal.com 12,826 users
  6. #6 apple.com 10,000 users
  7. #7 ebay.com 2,599 users
  8. #8 oracle.com 1,747 users
  9. #9 microsoft.com 1,676 users
  10. #10 cisco.com 1,388 users
  11. #11 hp.com 1,294 users
  12. #12 nike.com 1,197 users
  13. #13 walmart.com 550 users
  14. #14 ibm.com 510 users
  15. #15 ups.com 454 users
  16. #16 westernunion.com 312 users
  17. #17 intel.com 300 users
  18. #18 adp.com 284 users
  19. #19 salesforce.com 258 users
  20. #20 fedex.com 249 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25
  1. #1 auth 170,658hits
  2. #2 sso 44,792hits
  3. #3 zoom 18,271hits
  4. #4 github 7,260hits
  5. #5 webmail 6,186hits
  6. #6 adfs 5,934hits
  7. #7 oracle 3,566hits
  8. #8 zendesk 2,572hits
  9. #9 sap 2,396hits
  10. #10 owa 2,190hits
  11. #11 sts 1,656hits
  12. #12 vpn 1,652hits
  13. #13 cpanel 1,616hits
  14. #14 ping 1,546hits
  15. #15 extranet 1,288hits
  16. #16 kaspersky 1,209hits
  17. #17 webex 1,162hits
  18. #18 ftp 1,013hits
  19. #19 st 930hits
  20. #20 roundcube 916hits
  21. #21 imap 693hits
  22. #22 salesforce 625hits
  23. #23 okta 616hits
  24. #24 gitlab 451hits
  25. #25 twilio 392hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →
Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

  • 9K machines
  • 2K users
  • 125K domains
View report →
Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

  • 16K machines
  • 2K users
  • 273K domains
View report →
May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

  • 18K machines
  • 4K users
  • 259K domains
View report →
Free Tools Check your exposure