Over 100 organizations have been targeted in a ShinyHunters phishing campaign, with domain infrastructure indicating attacks against companies including Atlassian, Canva, Epic Games, HubSpot, Moderna, ZoomInfo and WeWork, according to SecurityWeek. Silent Push identified domains suggesting the threat actors prepared or conducted attacks across multiple sectors, and named several major firms as victims, though it remains unclear whether any breaches occurred.
The campaign employed voice phishing (vishing) to target single sign-on accounts linked to Okta and other identity platforms, and used phishing kits designed to intercept credentials and bypass multi-factor authentication, as observed by Okta and others. According to Okta, the real-time session orchestration delivered by these kits enables threat actors to control the browser authentication flow while communicating with targets.
ShinyHunters is the public-facing group behind the attacks, though Silent Push attributes the campaign to a cluster dubbed Scattered LAPSUS$ Hunters, formed by members of Lapsus$, Scattered Spider and ShinyHunters. The article notes that the hackers released millions of records allegedly stolen from listed companies on their leak site.