"The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platforms and steal company data for extortion. In these attacks, threat actors impersonate IT support and call employees, tricking them into entering their credentials and multi-factor authentication (MFA) codes on phishing sites that impersonate company login portals."
"Once compromised, the attackers gain access to the victim's SSO account, which can provide access to other connected enterprise applications and services. SSO services from Okta, Microsoft Entra, and Google enable companies to link third-party applications into a single authentication flow, giving employees access to cloud services, internal tools, and business platforms with a single login."
ShinyHunters is attributed with a series of voice-phishing attacks that target single sign-on (SSO) accounts at Okta, Microsoft Entra, and Google. Attackers impersonate IT support in phone calls and coerce employees into entering credentials and multi-factor authentication (MFA) codes on fraudulent login portals. Compromised SSO accounts can grant access to connected enterprise applications and services, enabling lateral movement across corporate SaaS environments and data theft for extortion. Okta, Microsoft Entra, and Google SSO services consolidate authentication for third-party applications, providing employees with a single-login pathway to cloud services, internal tools, and business platforms.
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]