Google Hacked by ShinyHunter Gang: Voice Phishing Breach Affects Small Businesses
In an unexpected turn of events, Google has fallen victim to the cyber-attack by the notorious group known as ShinyHunter. This attack comes weeks after Google issued a warning about ShinyHunter’s rampant hacking activities.
The breach occurred through a corporate account with Salesforce, a provider of customer relationship management services. However, it appears that the intrusion has primarily affected small and medium-sized businesses rather than general internet users.
Google stated that the compromised Salesforce instance stored contact information and related notes for these businesses. The data stolen by the threat actor mainly consisted of basic business information such as business names and contact details, which are typically publicly available.
According to Google, the hackers were only able to access the data during a brief period before the access was terminated. As of now, Google has not disclosed the number of businesses affected by this breach.
It is believed that ShinyHunters exploited “voice phishing,” a method where a hacker poses as a customer support agent and manipulates victims into disclosing their passwords or installing malicious applications.
In June, Google’s Threat Intelligence team published a post warning about a hacking group allegedly linked to ShinyHunters using voice phishing to persuade victims into installing a malicious application that connected to their Salesforce portal. The group has been successful in deceiving employees, particularly those within English-speaking branches of multinational corporations.
Similar tactics have been employed by another hacking group, Scattered Spider, which has targeted various industries, including airlines. Security analysts suspect that there might be overlapping membership between the two groups or they could be focusing on the same sectors, making attribution complex, according to BleepingComputer.
In both scenarios, both groups aim to steal confidential data with the intention of blackmailing victims through ransom demands. However, Scattered Spider has been known to deploy ransomware post-breach, as reported by US cyber authorities.
Stay informed about the latest privacy and security news by subscribing to our SecurityWatch newsletter, where our most critical privacy and security stories will be delivered straight to your inbox.
