Several threat clusters are using vishing schemes to steal SSO and MFA credentials to access corporate IT environments, Mandiant says.

Security Boulevard is a leading cybersecurity news and information portal, offering articles, analysis, and insights on cybersecurity threats, vulnerabilities, and best practices. From the latest trends in cyber threats to expert commentary on security technologies and compliance frameworks, Security Boulevard provides resources for security professionals, IT leaders, and business executives seeking to protect their organizations from cyber attacks and data breaches.

Security Boulevard

ShinyHunters and related threat groups are conducting sophisticated vishing (voice phishing) campaigns to steal SSO and MFA credentials, targeting SaaS applications to exfiltrate sensitive data for extortion. Google's Mandiant researchers identified three threat clusters using similar tactics: impersonating IT staff, directing victims to fake credential harvesting sites, and stealing data from cloud platforms. Recent attacks have compromised millions of records from companies like Panera Bread, SoundCloud, and Betterment. The campaigns represent an escalation in extortion-as-a-service, with attackers using stolen data to shame companies that refuse ransom demands and harassing victim personnel.

ShinyHunters Leads Surge in Vishing Attacks to Steal SaaS Data