Mandiant Exposes ShinyHunters-Style Vishing Attacks Breaching SaaS Platforms
These articles are AI-generated summaries. Please check the original sources for full details.
ShinyHunters-Style Vishing Attacks
Mandiant, a Google-owned cybersecurity firm, has identified an expansion in threat activity consistent with extortion-themed attacks orchestrated by the financially motivated hacking group known as ShinyHunters, leveraging advanced voice phishing and bogus credential harvesting sites to gain unauthorized access to victim environments. The attacks have resulted in the breach of over 100 organizations, with sensitive data and internal communications being siphoned.
Why This Matters
These attacks expose the limits of traditional MFA and SSO against determined social engineering: an otherwise sound security model is undermined when a user can be talked into reading out a code or approving a prompt, and phishing-resistant MFA remains underused. The scale of failure is significant, with the potential for massive data breaches and extortion that cost organizations millions of dollars in damages and reputational loss.
Key Insights
- UNC6661 and UNC6671 have been observed using vishing attacks to steal MFA codes and SSO credentials, with at least 100 organizations targeted, according to Mandiant’s threat intelligence team.
- The use of FIDO2 security keys or passkeys can provide phishing-resistant MFA, reducing the risk of social engineering attacks, as recommended by Google.
- Okta customer accounts have been compromised by UNC6671, highlighting the need for improved security measures in SaaS platforms, with Okta being a popular target for attackers.
Working Example
# Toy challenge-response sketch, NOT a FIDO2 implementation: a real FIDO2
# authenticator signs the challenge with a per-site private key and binds the
# signature to the web origin. This toy shares one secret between both sides
# and uses SHA-256 only to show the challenge/response shape.
import os
import hashlib
import hmac

def generate_fido2_key():
    # Generate a random 32-byte secret (stand-in for the credential key)
    key = os.urandom(32)
    return key

def compute_response(key, challenge):
    # Authenticator side: derive the response from the secret and the challenge
    return hashlib.sha256(key + challenge).hexdigest()

def verify_fido2_key(key, challenge, response):
    # Verifier side: recompute the expected response and compare in constant
    # time, so the function actually accepts or rejects instead of only hashing
    expected = compute_response(key, challenge)
    return hmac.compare_digest(expected, response)

# Example usage (a real verifier issues a fresh random challenge per attempt)
key = generate_fido2_key()
challenge = b"example_challenge"
response = compute_response(key, challenge)
print(verify_fido2_key(key, challenge, response))
Practical Applications
- Use Case: Implementing phishing-resistant MFA using FIDO2 security keys or passkeys can help prevent social engineering attacks, in line with Google’s recommendation that organizations move towards phishing-resistant MFA.
- Pitfall: Using traditional MFA methods, such as push-based or SMS authentication, can leave organizations vulnerable to social engineering attacks, as highlighted by the ShinyHunters-style vishing attacks.
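The Key Insights and the Use Case/Pitfall above turn on one property: a FIDO2 assertion is bound to the web origin and to a one-time challenge, whereas a code read out over the phone is not. The following added example (written for this page; it is not code from Mandiant, Google or any FIDO2 library) simulates that binding with the standard library only. It assumes an HMAC over the signed data as a stand-in for the ECDSA/EdDSA signature a real authenticator produces, and constructs the origins `sso.example.com` and a lookalike `.test` host for the demonstration; the rpId check, the origin check, the rpIdHash check and the single-use challenge follow the WebAuthn verification steps.

```python
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlparse

# Constructed values for this example (hypothetical relying party and lookalike host).
RP_ID = "sso.example.com"
LEGIT_ORIGIN = "https://sso.example.com"
LOOKALIKE_ORIGIN = "https://sso-example-com.login-verify.test"


class Authenticator:
    """Stand-in for a security key / passkey holding one credential for one rpId.
    ASSUMPTION: HMAC replaces the asymmetric signature; origin binding is unchanged."""

    def __init__(self, rp_id):
        self.rp_id = rp_id
        self.credential_id = secrets.token_bytes(16)
        self._private_key = secrets.token_bytes(32)

    def verification_key(self):
        # A real authenticator gives the RP a public key; the HMAC stand-in shares the secret.
        return self._private_key

    def get_assertion(self, origin, challenge):
        # Browser-side rule: the credential's rpId must equal the page host or a parent
        # of it, so a lookalike domain cannot even ask the key to sign.
        host = urlparse(origin).hostname or ""
        if not (host == self.rp_id or host.endswith("." + self.rp_id)):
            raise PermissionError(f"rpId {self.rp_id!r} does not match origin {origin!r}")
        client_data = json.dumps(
            {"type": "webauthn.get", "challenge": challenge.hex(), "origin": origin},
            sort_keys=True,
        ).encode()
        auth_data = hashlib.sha256(self.rp_id.encode()).digest()  # rpIdHash
        signed = auth_data + hashlib.sha256(client_data).digest()
        signature = hmac.new(self._private_key, signed, hashlib.sha256).digest()
        return {"client_data": client_data, "auth_data": auth_data, "signature": signature}


class RelyingParty:
    def __init__(self, rp_id, allowed_origins):
        self.rp_id = rp_id
        self.allowed_origins = set(allowed_origins)
        self.credentials = {}  # credential_id -> verification key
        self.pending = set()   # outstanding challenges, consumed on first use

    def register(self, authenticator):
        self.credentials[authenticator.credential_id] = authenticator.verification_key()

    def new_challenge(self):
        challenge = secrets.token_bytes(32)
        self.pending.add(challenge)
        return challenge

    def verify_assertion(self, credential_id, assertion):
        """True only for a live challenge, an allowed origin, the right rpId and a valid signature."""
        key = self.credentials.get(credential_id)
        if key is None:
            return False
        try:
            client = json.loads(assertion["client_data"])
            challenge = bytes.fromhex(client["challenge"])
        except (ValueError, KeyError, TypeError):
            return False
        if client.get("type") != "webauthn.get":
            return False
        if client.get("origin") not in self.allowed_origins:
            return False  # origin binding: an assertion made on another site is refused
        if challenge not in self.pending:
            return False  # unknown or already-consumed challenge (replay)
        if assertion["auth_data"][:32] != hashlib.sha256(self.rp_id.encode()).digest():
            return False
        signed = assertion["auth_data"] + hashlib.sha256(assertion["client_data"]).digest()
        expected = hmac.new(key, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, assertion["signature"]):
            return False
        self.pending.discard(challenge)
        return True


def demo():
    """Run the three scenarios and return their outcomes by name."""
    rp = RelyingParty(RP_ID, [LEGIT_ORIGIN])
    key = Authenticator(RP_ID)
    rp.register(key)
    results = {}
    # 1. Normal login on the real origin.
    ch = rp.new_challenge()
    assertion = key.get_assertion(LEGIT_ORIGIN, ch)
    results["legitimate"] = rp.verify_assertion(key.credential_id, assertion)
    # 2. The real challenge is presented on a lookalike origin: the browser-side
    #    rpId check refuses before any signature exists, and the RP would reject
    #    the foreign origin even if one did.
    ch = rp.new_challenge()
    try:
        key.get_assertion(LOOKALIKE_ORIGIN, ch)
        results["lookalike_origin"] = True
    except PermissionError:
        results["lookalike_origin"] = False
    # 3. A captured valid assertion is presented a second time: the challenge was consumed.
    ch = rp.new_challenge()
    assertion = key.get_assertion(LEGIT_ORIGIN, ch)
    rp.verify_assertion(key.credential_id, assertion)
    results["replay"] = rp.verify_assertion(key.credential_id, assertion)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:17s} accepted={ok}")
```

The contrast with a push prompt or SMS code is that neither carries the origin or the challenge: a six-digit code is valid wherever it is typed, so a caller who obtains it can use it. The assertion above is useless off the real origin and useless a second time, which is what "phishing-resistant" means in the Key Insights.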