ShinyHunters Extortion Gang Claims Responsibility
The ShinyHunters extortion gang has claimed responsibility for a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google.
Attack Method
In these attacks, threat actors impersonate IT support and call employees, tricking them into entering their credentials and multi-factor authentication (MFA) codes on phishing sites that impersonate company login portals.
Consequences of Compromise
After a successful compromise, the attackers gain access to the victim's SSO account, which can provide access to other connected enterprise applications and services.
Connected Services
Platforms commonly connected through SSO include Salesforce, Microsoft 365, Google Workspace, Dropbox, Adobe, SAP, Slack, Zendesk, Atlassian, and many others.
ShinyHunters' Response
ShinyHunters confirmed to BleepingComputer that it is responsible for some of the social engineering attacks, stating that Salesforce remains its primary interest and target.