ShinyHunters claim to be behind SSO-account data theft attacks

The ShinyHunters extortion gang claims responsibility for a wave of voice phishing attacks targeting SSO accounts at Okta, Microsoft, and Google. The attacks involve impersonating IT support to trick employees into entering their credentials on phishing sites. Once compromised, attackers can access corporate SaaS platforms and steal company data for extortion. The phishing kits used in these attacks allow real-time changes to the phishing site, guiding victims through the login and MFA authentication process. ShinyHunters confirmed their involvement but declined to provide further details, stating Salesforce as their primary target.