SnapMC skips ransomware, steals data
ID: dfe22c6c-da3a-5264-ac38-f43a24b18c3b
STIX ID: report--dfe22c6c-da3a-5264-ac38-f43a24b18c3b
Feed Name: Fox-IT blog
NCC Group observed a rapid data-breach extortion campaign by an actor they call SnapMC that exploits vulnerabilities in public-facing applications (notably CVE-2019-18935 and SQL injection) to obtain reverse shells, runs PowerShell-based collection (Invoke-SQLcmd), archives data with 7-Zip and exfiltrates it using the MinIO client (mc.exe), then extorts victims via threat emails with a deadline; the report provides TTP mapping, mitigation guidance, and IoCs including file names, paths and hashes.
