Hanging Up on ShinyHunters: Experts Detail Vishing Defenses

Sophisticated Voice Phishing Campaigns Don't Exploit Any Software Vulnerabilities Mathew J. Schwartz (euroinfosec) • February 2, 2026

An upsurge of attempts to snare employees in voice phishing campaigns is active and ongoing right now, warn security experts who advise battening down corporate identity verification processes.

See Also: On-Demand | NYDFS MFA Compliance: Real-World Solutions for Financial Institutions

The campaigns, often attributable to the ShinyHunters cybercrime gang, have bypassed some types of multifactor authentication defenses, allowing criminals to ransack organizations' software-as-a-service applications.

Dozens of organizations have already been targeted, with attackers often trying to gain access to an organization's Okta or Microsoft Entra ID - formerly Azure Active Directory - identity platforms.

Attackers' repeat goal has been to gain access to an organization's single sign-on portal and follow wherever it will let them go, then hold stolen data to ransom, said Google Cloud's Mandiant incident response group ...