Colin Mc Hugo
Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.

Researchers Detail Modus Operandi of ShinyHunters Cyber Crime Group

August 23, 2021

ShinyHunters, a notorious cybercriminal underground group that has been on a data breach spree since last year, has been observed searching companies' GitHub repository source code for vulnerabilities that can be abused to stage larger-scale attacks, an analysis of the hackers' modus operandi has revealed.

“Primarily operating on Raid Forums, the collective's moniker and motivation can partly be derived from their avatar on social media and other forums: a shiny Umbreon Pokémon,” Intel 471 researchers said in a report shared with The Hacker News. “As Pokémon players hunt and collect ‘shiny’ characters in the game, ShinyHunters collects and resells user data.”

The revelation comes as the average cost of a data breach rose from $3.86 million to $4.24 million, making it the highest average cost in 17 years, with compromised credentials responsible for 20% of the breaches reported by over 500 organizations.


Since rising to prominence in April 2020, ShinyHunters has claimed responsibility for a string of data breaches, including Tokopedia, Wattpad, Pixlr, Bonobos, BigBasket, Mathway, Unacademy, MeetMindful, and Microsoft's GitHub account, among others.

An analysis by Risk Based Security found that the threat actor had exposed a total of more than 1.12 million unique email addresses belonging to S&P 100 organizations, education, government and military entities as of late 2020.

Last week, the group began selling a database purportedly containing the personal data of 70 million AT&T customers for a starting price of $200,000, although the U.S. telecom provider has denied suffering a breach of its systems.

ShinyHunters has a checkered history of compromising websites and developer repositories to steal credentials or API keys to a company's cloud services, which are subsequently abused to gain access to databases and gather sensitive information that is then resold for profit or published for free on hacker forums.


The adversary has also been observed targeting DevOps personnel or GitHub repositories in order to steal valid OAuth tokens, leveraging them to breach cloud infrastructure and bypass any two-factor authentication mechanisms.
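Both of the preceding paragraphs describe the same entry point: credentials, API keys and tokens sitting in source repositories. The defensive counterpart is to scan a checkout for committed secrets before it is pushed or as a CI gate. The script below is an added example, not code from the article, Intel 471 or any of the companies named. The `AKIA` (AWS access key ID) and `ghp_` (GitHub personal access token) prefixes are documented token formats; the generic key=value rule, the entropy threshold of 3.5 bits per character and the sample file contents are assumptions constructed for the demo.

```python
"""Scan a source tree for credentials that should never be committed.

Added example (not from the article or Intel 471). Two rules match
documented token formats (AWS "AKIA..." access key IDs, GitHub "ghp_..."
personal access tokens); the third is a heuristic for secret-looking
assignments, gated by a Shannon-entropy check so that obvious
placeholders are not reported. Sample inputs are constructed.
"""
import math
import re
import tempfile
from collections import Counter
from pathlib import Path

PATTERNS = {
    # Documented formats.
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    # Heuristic (assumption): a key/secret/token/password variable assigned
    # a quoted literal of 16+ characters.
    "generic_secret": re.compile(
        r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]([^'\"]{16,})['\"]"
    ),
}

# Assumed threshold: random tokens score well above this; repeated words
# such as "changeme_changeme" fall below it.
MIN_ENTROPY_BITS = 3.5

SCANNED_SUFFIXES = (".py", ".js", ".env", ".yml", ".yaml", ".json", ".txt")


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_text(text, path="<memory>"):
    """Return a list of findings for one file's contents.

    The matched value is redacted to its first four characters so that a
    scanner report does not itself become a second copy of the secret.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, rx in PATTERNS.items():
            for m in rx.finditer(line):
                value = m.group(2) if rule == "generic_secret" else m.group(0)
                if rule == "generic_secret" and shannon_entropy(value) < MIN_ENTROPY_BITS:
                    continue  # low-entropy placeholder, not a real credential
                findings.append({
                    "path": str(path),
                    "line": lineno,
                    "rule": rule,
                    "redacted": value[:4] + "..." ,
                })
    return findings


def scan_tree(root):
    """Walk a checkout and scan every file with a scanned suffix, skipping .git."""
    findings = []
    for p in sorted(Path(root).rglob("*")):
        if ".git" in p.parts or not p.is_file() or p.suffix not in SCANNED_SUFFIXES:
            continue
        findings.extend(scan_text(p.read_text(errors="ignore"), p))
    return findings


# Constructed sample: one real-format AWS example key (AWS's documented
# example value), one GitHub-format token, one high-entropy generic secret,
# one low-entropy placeholder that must NOT be reported.
SAMPLE_CONFIG = '''DEBUG = True
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
api_key = "Zq8vT1nL9xB4wK2pY7rM3sD6"
password = "changeme_changeme_changeme"
'''


def demo():
    """Write the sample into a temporary checkout, scan it, return findings."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "config.py").write_text(SAMPLE_CONFIG)
        (Path(tmp) / "README.md").write_text("no secrets here\n")
        return scan_tree(tmp)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['path']}:{f['line']} {f['rule']} {f['redacted']}")
```

Run it on a checkout with `scan_tree(".")` as a pre-commit hook or CI step; a non-empty result should fail the pipeline. The entropy gate is what keeps the heuristic rule usable: without it, every `password = "changeme"` in a sample config would page someone, and the real findings would be buried.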

“ShinyHunters may not have as much notoriety as the ransomware groups that are currently wreaking havoc for enterprises all over the world. However, tracking actors like this is crucial to preventing your enterprise from being hit with such an attack,” the researchers said.

“The information ShinyHunters gathers is often turned around and sold on the same underground marketplaces where ransomware actors use it to launch their own attacks. If enterprises can move to detect activity like ShinyHunters, they in turn can stop ransomware attacks before they are ever launched.”
