All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

ShinyHunters Breaches Reveal Shift to Credential-Based Cyberattacks

15d ago· 1 min readenInsight

Summary

This article analyzes the evolving tactics of the ShinyHunters threat group, highlighting a shift from traditional exploit-based attacks to credential-driven access methods. It details breaches at major organizations including University of Nottingham, DentaQuest, 7-Eleven, Medtronic, and Wynn Resorts, linked to compromised Salesforce environments, Snowflake customers, and Okta identity platforms. Key attack vectors include stolen credentials, OAuth token abuse, MFA fatigue via vishing, social engineering, and misconfigured guest access in cloud platforms like Salesforce Experience Cloud.

Source

bskyShinyHunters Breaches Reveal Shift to Credential-Based Cyberattacksbriefly.co

Key quotes

· 3 pulled
The playbook has shifted from exploiting unpatched systems or deploying malware to logging in.
Repeated tactics include infostealer-harvested credentials, MFA fatigue via vishing, compromised SaaS integrations, OAuth token abuse, excessive cloud permissions, misconfigured identity and guest access, third-party trust exploitation, and help desk impersonation.
In a Salesforce Experience Cloud campaign, overly permissive guest-user configurations enabled CRM data extraction from public-facing portals, attributed to identity and access misconfiguration rather than a platform vulnerability.
Snippet from the RSS feed
Breaches tied to ShinyHunters include University of Nottingham, DentaQuest, 7-Eleven, Medtronic, and Wynn Resorts. The activity has been linked to Salesforce environments, Snowflake customers, SaaS integrations, and identity platforms such as Okta. Observ

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.