Scattered Lapsus$ Hunters Tied to Targeting of Zendesk Users
bankinfosecurityUncovered: Typosquatted Domains Linked to Suspected Ransomware Group Campaign Akshaya Asokan (asokan_akshaya) • November 28, 2025
A Western cybercrime collective largely comprised of teenagers, tied to disruptions of major firms, appears to be gearing up for a fresh round of large-scale attacks.
See Also: Going Beyond the Copilot Pilot - A CISO's Perspective
More than 40 "typosquatted and impersonating domains" have been discovered, designed to mimic legitimate Zendesk URLs, and which apparently trace to the hacking collective lately calling itself Scattered Lapsus$ Hunters, says a report from cybersecurity firm ReliaQuest.
The typosquatted domains have debuted over the last six months and lead to phishing pages that feature bogus single sign-on portals for Zendesk, designed to steal legitimate authentication credentials for accessing the customer service and sales platform. "These domains, such as znedesk.com or vpn-zendesk.com, are clearly designed to mimic legitimate Zendesk environments," it said.
Based on the ...
Copyright of this story solely belongs to bankinfosecurity . To see the full text click HERE