Researchers Share Common Tactics of ShinyHunters Threat Group
Intel 471 researchers break down common tactics and techniques of the data-stealing group behind many big breaches.
August 24, 2021
New information from Intel 471 examines the common exploit tactics of the cybercrime group known as ShinyHunters.
ShinyHunters is behind several high-profile breaches over the last two years. Its attacks often start with a breach of legitimate credentials, most likely for a company's cloud services, Intel 471 researchers write in a blog post. Since surfacing in April 2020, "the group has been behind some of the most notable data breaches that have been made public. Those include breaches of Microsoft's GitHub account, photo editing app Pixlr, and men's clothing retailer Bonobos."
Researchers provide a breakdown of the courses of action ShinyHunters often takes in an attack. The group typically starts by searching for companies that use Microsoft Office 365 and looking for valid accounts. It also often searches third parties that store GitHub open authorization (OAuth) tokens and identifies research and development employees within the target organization. The harvested credentials are then used in secondary or tertiary attacks.
"The group will also search a company's GitHub repository source code for vulnerabilities within the code itself. These vulnerabilities are used in further, more complex, third-party or supply chain attacks," the post says. "Tracking actors like this is crucial to preventing your enterprise from being hit with such an attack."
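As an added illustration (not code from the Intel 471 post or from this article), the following Python scanner flags GitHub token formats in text that a third-party integration might store, which is the kind of leaked credential the post says the group hunts for; finding such exposures first is the defensive counterpart. The token prefixes are GitHub's publicly documented formats, and the sample input is constructed.

```python
import re

# Prefixes GitHub documents for its current token formats (public knowledge,
# not taken from the Intel 471 post): ghp_ personal access, gho_ OAuth access,
# ghu_ user-to-server, ghs_ server-to-server, ghr_ refresh, github_pat_ fine-grained.
TOKEN_KINDS = {
    "ghp_": "personal-access-token",
    "gho_": "oauth-access-token",
    "ghu_": "user-to-server-token",
    "ghs_": "server-to-server-token",
    "ghr_": "refresh-token",
    "github_pat_": "fine-grained-pat",
}

# Word-boundary guards avoid matching a prefix embedded inside a longer identifier.
TOKEN_RE = re.compile(
    r"(?<![A-Za-z0-9_])(github_pat_[A-Za-z0-9_]{22,}|gh[pousr]_[A-Za-z0-9]{36,})(?![A-Za-z0-9_])"
)

def redact(prefix, token):
    """Keep the prefix and last 4 chars so a finding is triageable without re-exposing the secret."""
    return prefix + "..." + token[-4:]

def find_github_tokens(text):
    """Return (line_number, token_kind, redacted_token) for every token-shaped string found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in TOKEN_RE.finditer(line):
            token = m.group(1)
            prefix = "github_pat_" if token.startswith("github_pat_") else token[:4]
            findings.append((lineno, TOKEN_KINDS[prefix], redact(prefix, token)))
    return findings

# Constructed sample: a config/log fragment such as a CI or OAuth integration might persist.
SAMPLE = """\
[ci]
GITHUB_TOKEN=ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghij
# oauth callback stored by an integration
access_token: gho_0123456789abcdefghijklmnopqrstuvwxyz
commit=3b2a1c0d9e8f7a6b5c4d3e2f1a0b9c8d7e6f5a4b  # sha1, not a token
short=ghp_tooShort
"""

if __name__ == "__main__":
    for lineno, kind, shown in find_github_tokens(SAMPLE):
        print(f"line {lineno}: {kind} {shown}")
```

Run over exported configuration, CI logs or vendor-held data before an attacker does; a hit is a credential to revoke, not just a line to note.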
Read the full post here.