Researchers at Palo Alto Networks have discovered an actor extorting around 110,000 domains. The bad actor has been able to compromise the organizations’ cloud environments through exposed .env files. The .env files are typically stored on unsecure applications and servers. Additionally, they contain sensitive information including hard-coded access keys, SaaS API keys, and database login information. The attackers actively sought to expand their control over an organization’s cloud environment. 

Read more: https://www.securityweek.com/cloud-misconfigurations-expose-110000-domains-to-extortion-in-widespread-campaign/