Weekly intelligence Aug 21 – Aug 27, 2023 12 min read

Infostealers Weekly Report: 2023-08-21 – 2023-08-27

InfoStealers Weekly Report – In this comprehensive report, we provide you with valuable insights into the most pressing threats facing organizations today. As cyberattacks continue to grow in…

#1 0 Compromised Machines

#2 0 Compromised Employees

#3 0 Compromised Users

#4 0 Compromised Androids

#5 0 Compromised Domains

Check if you are exposed All reports →

Threat Geography

Where infections came from

Compromised machines distributed by country of infection — hover any region to inspect.

Top 25 of 191

Infections by country

Top 25 countries

#1 Brazil 6,241
#2 Turkey 4,334
#3 Pakistan 4,210
#4 Philippines 3,863
#5 Egypt 3,386
#6 Bangladesh 2,789
#7 Spain 2,625
#8 Peru 2,591
#9 Thailand 2,355
#10 Colombia 2,351
#11 Vietnam 2,351
#12 Mexico 2,331
#13 Argentina 2,110
#14 Algeria 1,656
#15 United States of America 1,569
#16 Poland 1,426
#17 Morocco 1,337
#18 Venezuela 1,307
#19 Sri Lanka 1,237
#20 Germany 1,196
#21 Ukraine 1,160
#22 Nigeria 1,142
#23 Chile 1,123
#24 India 964
#25 Bolivia 944

Top Compromised Domains

Where users had active sessions

Domains where infected users had active sessions and saved credentials at the time of infection.

Top 25

#1 google.com 34,072 users
#2 facebook.com 30,968 users
#3 live.com 27,940 users
#4 instagram.com 13,711 users
#5 discord.com 13,299 users
#6 com.facebook.katana 13,202 users
#7 netflix.com 12,443 users
#8 roblox.com 12,219 users
#9 steampowered.com 9,878 users
#10 amazon.com 9,346 users
#11 twitter.com 9,097 users
#12 com.instagram.android 8,214 users
#13 com.netflix.mediaclient 8,126 users
#14 microsoftonline.com 7,802 users
#15 paypal.com 7,787 users
#16 mega.nz 7,475 users
#17 twitch.tv 7,014 users
#18 apple.com 6,655 users
#19 epicgames.com 6,640 users
#20 spotify.com 6,629 users
#21 riotgames.com 6,528 users
#22 linkedin.com 6,213 users
#23 com.roblox.client 5,735 users
#24 steamcommunity.com 5,565 users
#25 zoom.us 5,293 users

Top Compromised Corporate Domains

Employees caught in the logs

Domains where compromised users were employees, surfaced via business email and credentials.

Top 25

#1 qq.com 136 employees
#2 163.com 117 employees
#3 freemail.hu 116 employees
#4 wp.pl 114 employees
#5 o2.pl 110 employees
#6 tim.it 101 employees
#7 interia.pl 91 employees
#8 ukr.net 78 employees
#9 abv.bg 64 employees
#10 laureate.net 64 employees
#11 aruba.it 63 employees
#12 onet.pl 55 employees
#13 buenosaires.gob.ar 54 employees
#14 alxswe.com 54 employees
#15 hostinger.com 50 employees
#16 rockwellautomation.com 49 employees
#17 microsoft.com 47 employees
#18 ig.com.br 46 employees
#19 pec.it 45 employees
#20 britanico.edu.pe 44 employees
#21 i.ua 43 employees
#22 login.sp.gov.br 43 employees
#23 jwpub.org 43 employees
#24 web-hosting.com 43 employees
#25 tigo.com.co 42 employees

Fortune 500 Exposure

Top S&P companies hit this week

Top S&P companies with compromised employees and customers detected this week.

Compromised employees

#1 rockwellautomation.com 49 employees
#2 microsoft.com 47 employees
#3 cbre.com 10 employees
#4 honeywell.com 8 employees
#5 xerox.com 6 employees
#6 hp.com 6 employees
#7 ibm.com 5 employees
#8 twc.com 2 employees
#9 paypal.com 2 employees
#10 amazon.com 2 employees
#11 ups.com 2 employees
#12 quintiles.com 2 employees
#13 manpowergroup.com 1 employees
#14 publix.com 1 employees
#15 cognizant.com 1 employees
#16 johnsoncontrols.com 1 employees

Compromised users

#1 google.com 34,072 users
#2 facebook.com 30,968 users
#3 netflix.com 12,443 users
#4 amazon.com 9,346 users
#5 paypal.com 7,787 users
#6 apple.com 6,655 users
#7 ebay.com 1,320 users
#8 microsoft.com 985 users
#9 hp.com 983 users
#10 oracle.com 940 users
#11 cisco.com 917 users
#12 nike.com 693 users
#13 ibm.com 300 users
#14 ups.com 253 users
#15 walmart.com 252 users
#16 intel.com 199 users
#17 westernunion.com 192 users
#18 adp.com 121 users
#19 fedex.com 104 users
#20 salesforce.com 82 users

Targeted Application Keywords

What attackers grep for

The most common application keywords seen across credential logs — auth, sso, vpn, and more.

Top 25

#1 auth 107,281hits
#2 sso 26,704hits
#3 zoom 11,698hits
#4 github 4,830hits
#5 webmail 4,261hits
#6 adfs 2,858hits
#7 sap 2,011hits
#8 oracle 1,683hits
#9 zendesk 1,287hits
#10 vpn 1,258hits
#11 owa 1,204hits
#12 ping 1,101hits
#13 cpanel 991hits
#14 extranet 872hits
#15 sts 835hits
#16 kaspersky 741hits
#17 webex 634hits
#18 ftp 523hits
#19 roundcube 449hits
#20 st 449hits
#21 dana-na 315hits
#22 gitlab 270hits
#23 okta 240hits
#24 zimbra 185hits
#25 sharepoint 180hits

Cavalier · Continuous monitoring

Get this depth of insight on your own organization.

Cavalier turns this same intelligence into a continuous real-time feed of compromised employees, customers and third-party vendors for your business.

Get a free report Explore Cavalier →

More reports

Previous weekly briefings

View archive →

Jun 8 → Jun 15, 2026 12 min

Infostealers Weekly Report: 2026-06-08 – 2026-06-15

9K machines
2K users
125K domains

View report →

Jun 1 → Jun 8, 2026 13 min

Infostealers Weekly Report: 2026-06-01 – 2026-06-08

16K machines
2K users
273K domains

View report →

May 25 → Jun 1, 2026 13 min

Infostealers Weekly Report: 2026-05-25 – 2026-06-01

18K machines
4K users
259K domains

View report →