ShinyHunters May Partner with Scattered Spider in Salesforce Cyber Attack Initiatives
The notorious ShinyHunters cybercriminal group has resurfaced after a year-long hiatus, launching a sophisticated series of attacks targeting Salesforce platforms within major organisations, including high-profile victims like Google. This resurgence signifies a notable tactical evolution for these financially motivated threat actors, who have historically concentrated on database exploitation and credential theft. The current campaign is particularly alarming due to its resemblance to operations typically associated with the Scattered Spider hacking collective. The convergence of tactics between these two formidable groups raises concerns about an increasingly coordinated landscape of cybercriminal activity. The attacks have specifically focused on sectors such as retail, aviation, and insurance, with victims that include luxury brands and technology service providers.
ReliaQuest analysts have identified compelling evidence supporting the theory of collaboration between ShinyHunters and Scattered Spider through comprehensive domain analysis and infrastructure investigation. Their research uncovered coordinated ticket-themed phishing domains and Salesforce credential harvesting pages, indicating a systematic approach to victim targeting. Notably, investigators discovered a BreachForums user with the alias “Sp1d3rhunters,” a clever amalgamation of both group names, who was linked to previous ShinyHunters breaches and appeared to leak Ticketmaster data in July 2024.
The technical sophistication of these attacks marks a significant departure from ShinyHunters’ historical methods. The group has adopted Scattered Spider’s signature techniques, including targeted vishing campaigns in which attackers impersonate IT support staff to manipulate victims into authorising malicious “connected apps.” These applications masquerade as legitimate Salesforce tools, facilitating large-scale data exfiltration.
Categories: Cybercriminal Tactics, Targeted Industries, Phishing and Credential Theft
Tags: ShinyHunters, Cybercriminal, Salesforce, Phishing, Credential Theft, Social Engineering, Collaboration, Vishing, Data Exfiltration, Infrastructure