Researchers Share Common Tactics of ShinyHunters Threat GroupResearchers Share Common Tactics of ShinyHunters Threat Group
Intel 471 researchers break down common tactics and techniques of the data-stealing group behind many big breaches.
August 24, 2021

New information from Intel 471 examines the common exploit tactics of the cybercrime group known as ShinyHunters.
ShinyHunters is behind several high-profile breaches over the last two years. Its attacks often start with a breach of legitimate credentials, most likely for a company's cloud services, Intel 471 researchers write in a blog post. Since surfacing in April 2020, "the group has been behind some of the most notable data breaches that have been made public. Those include breaches of Microsoft's GitHub account, photo editing app Pixlr, and men's clothing retailer Bonobos.”
Researchers provide a breakdown of the courses of action ShinyHunters often takes in an attack. The group often starts by searching for companies that are using Microsoft Office 365 and look for valid accounts. They also often search for third parties that store GitHub open authorization tokens and do research to identify research and development employees in an organization. They then use the credentials in secondary or tertiary attacks.
"The group will also search a company's GitHub repository source code for vulnerabilities within the code itself. These vulnerabilities are used in further, more complex, third-party or supply chain attacks," the post says. "Tracking actors like this are crucial to preventing your enterprise from being hit with such an attack."
Read the full post here.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods
Oct 26, 2023Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
Nov 06, 2023How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023SecOps & DevSecOps in the Cloud
Nov 06, 2023