Weekly Update 502
ShinyHunters threat group uses social engineering and phishing to breach major brands despite limited resources.
Summary
ShinyHunters, a threat group composed primarily of teenagers to early-20-somethings, is successfully breaching major corporations through sophisticated social engineering rather than advanced technical exploits. The group leverages voice phishing (vishing) and credential harvesting to obtain SSO credentials and MFA codes for initial access. Mandiant has documented these tactics, highlighting a trend of minimal-resource threat actors gaining outsized impact through low-tech but effective social engineering methods.
Full text
It's a fascinating display of leverage: the ShinyHunters folks, with very limited resources and experience (their demographic will be teenagers to their early 20s), consistently gaining access to the data of massive brands. Not through technical ingenuity alone (although I'm sure there's a portion of that), but primarily through good ol' social engineering. That's coming through in the disclosure notices from the impacted companies, and Mandiant has a good write-up of it too:These operations primarily leverage sophisticated voice phishing (vishing) and victim-branded credential harvesting sites to gain initial access to corporate environments by obtaining single sign-on (SSO) credentials and multi-factor authentication (MFA) codesQuestion now is how long their run will go for. There's a very predictable ending if things keep going in this direction but right now, they show little sign of abating. Weekly update
Indicators of Compromise
- malware — ShinyHunters