In light of recent attacks targeting Snowflake customers, we'd like to reassure you that after an internal investigation, we do not have reason to believe any Panther-managed Snowflake customer credentials were targeted or compromised. Regardless, we are hardening our Snowflake security posture, providing Panther customers with new detection rules and queries for monitoring their environments, and will continue to follow situational updates that emerge.
Mandiant, coordinating with Snowflake, announced that as of June 10th, approximately 165 of Snowflake's customers had been targeted by this activity. Panther has not been notified that we were targeted. This attack used info-stealing malware to access a Snowflake warehouse through compromised credentials and exfiltrate data. Snowflake has not disclosed any vulnerability within its platform and is actively working on response efforts by notifying affected organizations directly and publishing additional guidance.
To connect to Snowflake, Panther primarily relies on key-based authentication. If Panther previously provided you with password-based authentication for Business Intelligence (BI) connections, we strongly recommend following Snowflake's suggested guidance to reset your credentials and add MFA to the account. At this time, we are continuing to harden access to our Snowflake instances through a combination of IP allow-listing, credential rotation, two-factor authentication (2FA), and transitioning fully to key-based authentication. We are currently engaging with customers who manage their own Snowflake warehouses to ensure successful credential rotation for Panther-created users.
If any evidence arises suggesting that your password-based authentication credentials may have been directly targeted, we will contact you immediately. In the case of customer-managed Snowflake and Panther instances, we recommend following the guidance from Snowflake on account hardening.
Using the guidance and indicators of compromise included in the Snowflake announcement last week, we have released a set of detection rules and queries into our panther-analysis GitHub repository. These will also be visible in the Panther Console when you navigate to Investigate > Saved Searches. These rules and queries can aid your ongoing Snowflake warehouse monitoring to ensure safe and secure usage. If you'd like to contribute additional queries or rules, please open a Pull Request against panther-analysis.
We want to emphasize our commitment to the security of our customers' data. We are continuously monitoring and enhancing our security measures to ensure the highest level of protection for your data. We understand that the recent attacks on Snowflake customers may be concerning, and we are here to provide support and answer any questions you may have. If you are seeking additional information or clarity, please contact us directly. Your trust is our top priority, and we are committed to maintaining it through continued transparency.