Cybersecurity News Kinetic Potential

Over 100 Organizations Targeted in ShinyHunters Phishing Campaign

Many major organizations appear to have been targeted in a recent cybercrime campaign linked to the ShinyHunters group, according to security firm Silent Push.

Over the past 30 days, Silent Push has identified domains suggesting that the threat actors have been preparing or conducting attacks against at least 100 organizations in sectors such as software and technology, financial, biotech and pharma, financial services, real estate, energy and utilities, healthcare, logistics and transportation, manufacturing, retail, and insurance.

Silent Push has named major companies such as Atlassian, Adyen, Canva, Epic Games, HubSpot, Moderna, ZoomInfo, GameStop, WeWork, Halliburton, Sonos, and Telstra.

The hackers have set up fake domains targeting these companies, but it’s unclear whether any attacks were conducted or whether their attempts to gain access to systems were successful.

In the campaign, the cybercriminals used voice phishing (vishing) to target single sign-on (SSO) accounts associated with Okta and other identity platforms.

In attacks observed by Okta and others, threat actors used specialized phishing kits that enable them to intercept credentials and trick victims into helping them bypass multi-factor authentication.

“The most critical of these features are client-side scripts that allow threat actors to control the authentication flow in the browser of a targeted user in real-time while they deliver verbal instructions or respond to verbal feedback from the targeted user,” Okta explained.

It added, “It’s this real-time session orchestration that delivers the plausibility required to convince the threat actor’s target to approve push notifications, submit one time passcodes (OTP) or take other actions the threat actor needs to bypass MFA controls.”

ShinyHunters is the public-facing entity that has taken credit for the attacks, but Silent Push has attributed the campaign — based on TTPs — to Scattered LAPSUS$ Hunters, the group formed last year by Lapsus$, Scattered Spider, and ShinyHunters members.

On the ShinyHunters leak website, the cybercriminals recently listed companies such as Betterment, Crunchbase, and SoundCloud, all of which have confirmed suffering a data breach.

Alon Gal, CTO of threat intelligence firm Hudson Rock, learned from ShinyHunters that these are victims of the Okta SSO vishing campaign. The hackers have released millions of records allegedly stolen from these companies.

This article was published by Security Week. Please check their website for the original content.
