Cybersecurity

Cyber: Mandiant Finds Shinyhunters-style Vishing Attacks Stealing Mfa To...

2026-01-31 0 views admin
Cyber: Mandiant Finds Shinyhunters-style Vishing Attacks Stealing Mfa To...

Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters.

The attacks leverage advanced voice phishing (aka vishing) and bogus credential harvesting sites mimicking targeted companies to gain unauthorized access to victim environments by collecting sign-on (SSO) credentials and multi-factor authentication (MFA) codes.

The end goal of the attacks is to target cloud-based software-as-a-service (SaaS) applications to siphon sensitive data and internal communications and extort victims.

The tech giant's threat intelligence team said it's tracking the activity under multiple clusters, including UNC6661, UNC6671, and UNC6240 (aka ShinyHunters), so as to account for the possibility that these groups could be evolving their modus operandi or mimicking previously observed tactics.

"While this methodology of targeting identity providers and SaaS platforms is consistent with our prior observations of threat activity preceding ShinyHunters-branded extortion, the breadth of targeted cloud platforms continues to expand as these threat actors seek more sensitive data for extortion," Mandiant noted.

"Further, they appear to be escalating their extortion tactics with recent incidents, including harassment of victim personnel, among other tactics."

Details of the vishing and credential theft activity are as follows -

To counter the threat posed to SaaS platforms, Google has outlined a long list of hardening, logging, and detection recommendations -

"This activity is not the result of a security vulnerability in vendors' products or infrastructure," Google said. "Instead, it continues to highlight the effectiveness of social engineering and underscores the importance of organizations moving towards phishing-resistant MFA where possible. Methods such as FIDO2 security keys or passkeys are resistant to social engineering in ways that push-based, or SMS authentication are not."

Source: The Hacker News

🏷️ Tags

securityhackvulnerabilityattackthreat

More from Cybersecurity

Cyber: Phishing Campaign Targets Freight And Logistics Orgs In The Us, Europe

Cyber: Phishing Campaign Targets Freight And Logistics Orgs In The Us, Europe

2026-02-24 0
Cyber: Wynn Resorts Confirms Employee Data Breach After Extortion Threat

Cyber: Wynn Resorts Confirms Employee Data Breach After Extortion Threat

2026-02-24 0
Cyber: 1campaign Platform Helps Malicious Google Ads Evade Detection

Cyber: 1campaign Platform Helps Malicious Google Ads Evade Detection

2026-02-24 0
Cyber: New Attackers Now Need Just 29 Minutes To Own A Network 2026

Cyber: New Attackers Now Need Just 29 Minutes To Own A Network 2026

2026-02-24 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views