UAT-10608
MISP
Tipo:
Unknown
Unknown
Paese:
Unknown
Unknown
Prima attivita:
Unknown
Unknown
Dettagli:
UAT-10608 is a threat cluster observed by Cisco Talos conducting a large-scale, automated credential-harvesting campaign against public-facing web applications, especially Next.js deployments, using a custom framework called NEXUS Listener to extract and exfiltrate secrets such as credentials, SSH keys, cloud tokens, and API keys. The activity has been linked to broad opportunistic scanning and at least 766 compromised hosts across multiple regions and cloud providers.
Metadata
| ID: | 1041 |
| Created: | 09/04/2026 16:00 |
| Updated: | 02/05/2026 04:00 |