Over 100 Organizations Targeted in ShinyHunters Phishing Campaign

Many major organizations appear to have been targeted in a recent cybercrime campaign linked to the ShinyHunters group, according to security firm Silent Push.

Over the past 30 days, Silent Push has identified domains suggesting that the threat actors have been preparing or conducting attacks against at least 100 organizations in sectors such as software and technology, financial, biotech and pharma, financial services, real estate, energy and utilities, healthcare, logistics and transportation, manufacturing, retail, and insurance.

Silent Push has named major companies such as Atlassian, Adyen, Canva, Epic Games, HubSpot, Moderna, ZoomInfo, GameStop, WeWork, Halliburton, Sonos, and Telstra.

The hackers have set up fake domains targeting these companies, but it’s unclear whether any attacks were conducted or whether their attempts to gain access to systems were successful.

In the campaign, the cybercriminals used voice phishing (vishing) to target single sign-on (SSO) accounts associated with Okta and other identity platforms ...