Many major organizations appear to have been targeted in an Okta SSO vishing campaign tied to ShinyHunters that involved fake domains and leaked data listings. Security firms warn that attackers used real-time client-side phishing kits to intercept credentials and bypass MFA, and they urge adoption of phishing-resistant methods like FIDO2 along with tighter app and API monitoring. #ShinyHunters #Okta
Key points
- Silent Push identified domains suggesting attacks against over 100 organizations across multiple sectors.
- ShinyHunters, linked to Scattered LAPSUS$ Hunters, has listed confirmed breach victims on its leak site.
- Attackers used vishing together with client-side phishing kits to orchestrate real-time MFA bypasses.
- Okta and Mandiant observed credential interception and session orchestration used to convince users to approve MFA prompts or submit OTPs.
- Experts recommend migrating to phishing-resistant MFA (FIDO2/passkeys), enforcing strict app authorization, and monitoring logs for anomalous API or device activity.
Read More: https://www.securityweek.com/over-100-organizations-targeted-in-shinyhunters-phishing-campaign/