
"In a Monday report, Silent Push researchers said the identity-theft operation set its sights on more than 100 Okta SSO accounts across "high-value enterprises." The cyber threat hunters also listed all of the companies across which they have "detected active targeting or infrastructure preparation directed at your domain" in the last 30 days. We are not going to list all of the names - head over to the Silent Push blog to check out the organizations,"
"Google's Mandiant team also confirmed on Monday that it's "tracking a new, ongoing ShinyHunters-branded campaign." It uses "evolved" voice-phishing techniques to "compromise SSO credentials from victim organizations, and enroll threat actor controlled devices into victim MFA solutions," Mandiant Consulting CTO Charles Carmakal told The Register. "This is an active and ongoing campaign. After gaining initial access, these actors pivot into SaaS environments to exfiltrate sensitive data," he continued."
ShinyHunters targeted roughly 100 Okta single sign-on accounts across high-value enterprises using credential theft in an ongoing campaign. Silent Push detected active targeting or infrastructure preparation directed at over 100 domains in the past 30 days and named multiple technology firms including Atlassian, AppLovin, Canva, Epic Games, Genesys, HubSpot, Iron Mountain, RingCentral, and ZoomInfo. Silent Push stated it has no intelligence confirming successful breaches of the listed organizations. ShinyHunters declined to confirm breach counts but indicated 100 was close. Mandiant confirmed tracking the campaign, describing evolved voice‑phishing to compromise SSO credentials and enroll attacker-controlled devices into victim MFA, then pivot into SaaS environments to exfiltrate sensitive data.
Read at The Register