Researchers Share Common Tactics of ShinyHunters Threat Group
Intel 471 researchers break down common tactics and techniques of the data-stealing group behind many big breaches.
New information from Intel 471 examines the common exploit tactics of the cybercrime group known as ShinyHunters.
ShinyHunters is behind several high-profile breaches over the last two years. Its attacks often start with a breach of legitimate credentials, most likely for a company's cloud services, Intel 471 researchers write in a blog post. Since surfacing in April 2020, "the group has been behind some of the most notable data breaches that have been made public. Those include breaches of Microsoft's GitHub account, photo editing app Pixlr, and men's clothing retailer Bonobos.”
Researchers provide a breakdown of the courses of action ShinyHunters often takes in an attack. The group often starts by searching for companies that are using Microsoft Office 365 and look for valid accounts. They also often search for third parties that store GitHub open authorization tokens and do research to identify research and development employees in an organization. They then use the credentials in secondary or tertiary attacks.
"The group will also search a company's GitHub repository source code for vulnerabilities within the code itself. These vulnerabilities are used in further, more complex, third-party or supply chain attacks," the post says. "Tracking actors like this are crucial to preventing your enterprise from being hit with such an attack."
Read the full post here.
About the Author
You May Also Like
A Cyber Pros' Guide to Navigating Emerging Privacy Regulation
Dec 10, 2024Identifying the Cybersecurity Metrics that Actually Matter
Dec 11, 2024The Current State of AI Adoption in Cybersecurity, Including its Opportunities
Dec 12, 2024Cybersecurity Day: How to Automate Security Analytics with AI and ML
Dec 17, 2024The Dirt on ROT Data
Dec 18, 2024