Mandiant Uncovers ShinyHunters' SSO and MFA Exploitation in SaaS Data Theft Campaign

Mandiant has identified a recent campaign by the ShinyHunters group targeting SaaS data through vishing (voice phishing) attacks and phishing websites impersonating companies. The attackers steal Single Sign-On (SSO) credentials and Multi-Factor Authentication (MFA) codes to gain access to cloud environments. No specific date or sectoral targets are mentioned. The techniques exploit centralized authentication mechanisms to exfiltrate data. The impact includes the theft of data stored in compromised cloud services.