Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Credential Theft Drives Brute-Force Attacks on SSO Systems

Credential Theft Drives Brute-Force Attacks on SSO Systems

Posted on February 27, 2026 By CWS

Cybercriminals are increasingly using stolen credentials to infiltrate corporate networks, posing a significant threat to security. Unlike traditional methods that exploit software vulnerabilities, attackers are now leveraging infostealer malware to conduct large-scale brute-force attacks on Single Sign-On (SSO) gateways.

Infostealers Target Corporate Gateways

Infostealer malware families have become central to a new wave of cyberattacks focusing on corporate SSO systems, particularly targeting F5 BIG-IP interfaces. This shift was brought into the spotlight on February 23, 2026, when Defused Cyber reported a significant credential stuffing campaign aimed at these gateways. The attack involved a single IP address, 219.75.254.166, linked to OPTAGE Inc. in Japan, which was utilized to bombard systems with legitimate-looking email and password combinations.

The precision of these attacks is noteworthy. The credentials used appeared to be authentic, linked to employees from multinational corporations and government bodies. These were not credentials obtained from an F5 data breach but rather collected from devices compromised by infostealer malware.

Identifying the Source of Compromised Credentials

Analysis by infostealers analysts revealed a strong correlation between the credentials used in the attacks and those found in Hudson Rock’s cybercrime database. Of the 70 observed email-password pairs, 54 matched known infostealer infection logs, indicating a 77% match rate. The malware had extracted these credentials from infected devices, which were then used to attack systems such as Active Directory Federation Services (ADFS) and Security Token Services (STS).

The attack affected numerous high-profile organizations, including Rolls-Royce, Johnson & Johnson, and the Belgian Police, among others. Turkish government ministries and retail conglomerates were also targeted, exploiting weak or absent multi-factor authentication measures to gain access.

Infrastructure and Defense Strategies

The attackers’ infrastructure added complexity to the threat, with the source IP traced back to a compromised Fortinet FortiGate-60E firewall at OPTAGE Inc. Open ports and a self-signed SSL certificate further facilitated the malicious traffic routing. This dual-threat strategy, combining stolen identities with compromised devices, poses a formidable challenge to detection and defense.

The concept of a “Log-to-Lead” pipeline exemplifies the industrial nature of these attacks, where infostealer data is quickly transformed into network access. Organizations can mitigate these threats by implementing phishing-resistant multi-factor authentication, monitoring exposed credentials, and preventing password reuse across systems. Educating employees about the risks of browser-saved passwords is also crucial to disrupt the infostealer supply chain.

Stay informed with our updates by following us on Google News, LinkedIn, and X, and ensure you set Site Name as a preferred source on Google for the latest cybersecurity news.

Cyber Security News Tags:ADFS, brute-force attacks, corporate networks, credential theft, Cybercrime, Cybersecurity, F5 BIG-IP, Infostealers, multi-factor authentication, SSO security

Post navigation

Previous Post: ManoMano Data Breach Affects 38 Million Users
Next Post: ScarCruft Exploits Zoho WorkDrive for Air-Gapped Network Breach

Related Posts

Swarmer Tool Evading EDR With a Stealthy Modification on Windows Registry for Persistence Swarmer Tool Evading EDR With a Stealthy Modification on Windows Registry for Persistence Cyber Security News
Buterat Backdoor Attacking Enterprises to Establish Persistence and Control Endpoints Buterat Backdoor Attacking Enterprises to Establish Persistence and Control Endpoints Cyber Security News
CISOs Playbook for Managing Boardroom Cybersecurity Concerns CISOs Playbook for Managing Boardroom Cybersecurity Concerns Cyber Security News
Chinese MURKY PANDA Attacking Government and Professional Services Entities Chinese MURKY PANDA Attacking Government and Professional Services Entities Cyber Security News
Mozilla Wants All New Firefox Extensions to Disclose Data Collection Policies Mozilla Wants All New Firefox Extensions to Disclose Data Collection Policies Cyber Security News
Microsoft Teams to Auto-Set Work Location by Detecting the Wi-Fi Network Microsoft Teams to Auto-Set Work Location by Detecting the Wi-Fi Network Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Qilin Ransomware Exploits Active Directory with DCSync
  • Critical Flaws in Claude for Chrome Allow Unauthorized Access
  • Old Microsoft UEFI Shims Pose Secure Boot Risk
  • July 2026 SAP Security Updates Address Critical Flaws
  • US, Allies Alert on Russian Cyber Threats to Key Infrastructure

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Qilin Ransomware Exploits Active Directory with DCSync
  • Critical Flaws in Claude for Chrome Allow Unauthorized Access
  • Old Microsoft UEFI Shims Pose Secure Boot Risk
  • July 2026 SAP Security Updates Address Critical Flaws
  • US, Allies Alert on Russian Cyber Threats to Key Infrastructure

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark