August Threat Report: Qilin Attacks Inotiv & Nissan, NFCU Exposes 378TB

Casmer Labs, Cloud Storage Security’s (CSS) internal threat laboratory, monitors the dynamic landscape of cybersecurity, cloud security, and particularly cloud data security. Our mission is to ensure that our customers and the public are informed about critical security developments, incidents, and updates.

In our Q2 threat report, the Casmer Labs team anticipated continuing growth in popularity of data breaches, particularly related to cloud misconfigurations, vulnerabilities, and lack of activity monitoring.

Qilin Ransomware Ramps Up Activity

Back in June, Casmer Labs reported the rise of the Qilin ransomware-as-a-service (RaaS) group, including its peculiar then brand-new offering of legal counsel to their customers. Largely driven by the decline in it’s competitors RansomHub, LockBit, Everest, and BlackLock, Qilin has been linked to two major cyberattacks in August alone.

The first attack was against pharmaceutical and biotechnical company Inotiv Inc., who filed a report to the SEC on Monday, August 18. Qilin claimed that they shut down critical systems and exfiltrated 176GB of research data collected over a number of years. It is not yet clear exactly how Qilin compromised Inotiv’s systems, but recovery costs for similar incidents caused by Qilin have been estimated at $2 million dollars.

The second attack was against Nissan’s design studio, Creative Box Inc. On August 25, 2025, Qilin announced that they had exfiltrated over 4 TB of sensitive information, including:

• 3D models of upcoming vehicles
• Design documents
• Videos and photos
• Financial records

The method of breach has not yet been confirmed. Nissan has also yet to publish a statement on the matter.

Casmer Labs, Cloud Storage Security’s internal threat laboratory, recommends that all organizations take the following steps to avoid both file-borne and fileless ransomware threats:

• Maintain a Robust Backup and Disaster Recovery Strategy: Always maintain backups of all business-critical data and scan backups for latent ransomware upon recall
• Apply Rigorous Patching and Maintenance/Upkeep: All systems, including local/virtual machines, networks, and applications, should be updated to address security vulnerabilities as often as possible
• Train and Educate Employees: Quarterly training on social engineering (including phishing) avoidance and mitigation, security best practices, and more is essential
• Implement Automated Protection: Automated activity monitoring that detects exfiltration attempts and other anomalies and takes appropriate action can stop similar attacks before data is lost

Another Major Misconfiguration Incident

First discovered on September 3, 2025, Navy Federal Credit Union (NFCU), the world’s largest credit union, exposed 378 terabytes of backup data via a misconfigured and publicly accessible Amazon S3 bucket. Investigators have confirmed that no plain-text member data was exposed, but this does not negate all risks associated with the breach. As with many recent misconfiguration incidents, the information compromised by attackers can be used to supplement social engineering efforts, including phishing campaigns. 

The backups reportedly included:

• Usernames and email addresses
• Hashed (obfuscated) passwords
• Encryption keys
• Internal documents, including financial reports and operational playbooks

The incident continues a string of high-profile financial institutions falling victim to similar misconfiguration issues, with another publicly accessible Amazon S3 bucket being linked to FTX Japan in late July.

DataDefender by Cloud Storage Security proactively checks for over 90 security configuration options over 11 major cloud storage services. Checks are organized by severity, meaning that the most critical misconfigurations, such as publicly accessible Amazon S3 buckets or EBS snapshots, can be remediated before moving on to other issues.

DataDefender by Cloud Storage Security is available to try out now. Head to signup.datadefender.io and get started in just a few minutes!

About Cloud Storage Security

Cloud Storage Security (CSS) offers protection for the storage layer in the cloud. DataDefender by Cloud Storage Security is an activity monitoring solution focused on protecting your organization’s most important assets- their data. Prevent ransomware attacks, data exfiltration, internal threats, and more by getting started for free with DataDefender today.

Sign up at signup.datadefender.io. 

Cloud Storage Security’s cloud antivirus solution is also available in AWS Marketplace with a 30-day free trial.