Social engineering jackpot for ShinyHunters: The Workday breach slots into a much larger pattern of attacks exploiting Salesforce instances across multiple industries. Reports attribute the campaign to ShinyHunters, the notorious BreachForums admin, whom Google was tracking as UNC6040 when it first disclosed the campaign.Victims include Google itself, which said attackers accessed a Salesforce environment in June, Pandora, which confirmed theft of customer contact data, and a long list of global enterprises such as Adidas, Quantas, Allianz Life, Louis Vuitton, Dior, Tiffany & Co., Chanel, Cisco, and Air France-KLM.”The rise in social engineering attacks by malicious actors should alarm any organization’s security team,” said Thomas Richards, Infrastructure Security Practice Director at Black Duck. “This also demonstrates that the attackers are out of other options and are resorting to more difficult and time-consuming methods to attack these organizations. Every piece of information they gain in these attacks can be used to conduct further campaigns and get closer to their goals.”Boris Copilot, senior security engineer at Black Duck, echoed concerns over the incident possibly leading to further attacks. “Workday should remain cautious and be aware of potential scams, phishing attacks, and social engineering techniques,” he said. “Employees should be aware of the procedures and understand that they will not be penalized for refusing to provide information or assist someone impersonating a superior, including even a CEO.”ShinyHunters, a prolific data-theft actor active since 2020, has been linked to breaches at Microsoft’s GitHub repositories, AT&T customer databases, and PowerSchool, among others, cementing their reputation as one of the most disruptive actors on the cybercrime scene. Notably, the French police arrested an alleged ShinyHunters operator in June, along with four other BreachForums administrators, including IntelBroker (aka Kai West), the infamous cybercriminal now charged in the US with a string of high-impact hacks since 2022.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4042191/shinyhunters-strike-again-workday-breach-tied-to-salesforce-targeted-social-engineering-wave.html
