ShinyHunters Target 100+ Firms Using Phone Calls to Bypass SSO Security

ShinyHunters is driving attacks on 100+ organisations, using vishing and fake login pages with allied groups to bypass SSO and steal company data, reports Silent Push.

A massive campaign to steal digital identities is hitting more than 100 large organisations. Researchers at pre-emptive cyber defence firm Silent Push say the activity is driven by ShinyHunters, working in coordination with Scattered Lapsus$ Hunters as part of a broader alliance the firm tracks as SLSH.

According to Silent Push’s blog post, these hackers are not just using automated bots; instead, they are using a human-led method called voice phishing, or vishing. This involves a real person calling employees or help desks to trick them into giving up their login details.

How the trick works

The group reportedly uses a tool called a Live Phishing Panel. Most companies, as we know them, use Single Sign-On (SSO), such as Okta, which allows a ...