Google's Mandiant Identifies Expansion of ShinyHunters-Linked Cybercrime Activities Using Vishing and MFA Bypass

Google's subsidiary Mandiant has identified an expansion of malicious activities employing techniques similar to those used by the ShinyHunters group, which is active in financial extortion. The attacks rely on vishing (voice phishing) and fraudulent websites impersonating target companies to steal credentials and bypass multi-factor authentication (MFA). These methods aim to compromise SaaS platforms. The announcement was published on January 10, 2026. No details about the victims or the extent of the compromises have been disclosed.