'The breadth of targeted cloud platforms continues to expand': Google's security team takes a look at how ShinyHunters have rolled out so many SSO scams recently

• ShinyHunters use vishing and custom phishing pages to bypass SSO protections
• Stolen MFA codes grant access to platforms like Salesforce, Microsoft 365, and Dropbox
• Other groups mimic tactics; experts urge phishing-resistant MFA and Zero Trust defenses

A highly effective combination of vishing (voice phishing) and customized infrastructure has allowed the dreaded ShinyHunters extortion gang to launch countless single sign-on (SSO) scams in recent times, experts have concluded

A new report from Google's Mandiant experts has explained the modus operandi behind a wave of SSO attacks that hit companies across industries recently, saying it all starts with a phone call.

It found ShinyHunters have perfected impersonating IT staff and tech operatives, calling employees in different positions and telling them their MFA settings need updating.