"The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platforms and steal company data for extortion. In these attacks, threat actors impersonate IT support and call employees, tricking them into entering their credentials and multi-factor authentication (MFA) codes on phishing sites that impersonate company login portals."
"Once compromised, the attackers gain access to the victim's SSO account, which can provide access to other connected enterprise applications and services. SSO services from Okta, Microsoft Entra, and Google enable companies to link third-party applications into a single authentication flow, giving employees access to cloud services, internal tools, and business platforms with a single login."
The ShinyHunters extortion gang claims responsibility for voice phishing campaigns targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google. Threat actors impersonate IT support and call employees to trick them into entering credentials and multi-factor authentication (MFA) codes on phishing sites that mimic company login portals. Compromised SSO accounts can grant attackers access to connected enterprise applications, cloud services, internal tools, and business platforms. Attackers then exfiltrate company data from breached SaaS platforms and use the information for extortion. SSO services from Okta, Microsoft Entra, and Google consolidate authentication for third-party applications into a single login flow, increasing the impact of successful compromises.
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]