Researchers Detail Modus Operandi of ShinyHunters Cybercrime Group


ShinyHunters, an infamous underground cybercriminal group that has been on a data breach spree since last year, has been observed searching companies' GitHub repository source code for vulnerabilities that can be abused to stage larger-scale attacks, an analysis of the hackers' modus operandi has revealed.

"Primarily operating on Raid Forums, the collective's moniker and motivation can partly be derived from their avatar on social media and other forums: a shiny Umbreon Pokémon," Intel 471 researchers said in a report shared with The Hacker News. "As Pokémon players hunt and collect 'shiny' characters in the game, ShinyHunters collects and resells user data."

The revelation comes as the average cost of a data breach rose from $3.86 million to $4.24 million, the highest average cost in 17 years, with compromised credentials responsible for 20% of the breaches reported by over 500 organizations.


Since rising to prominence in April 2020, ShinyHunters has claimed responsibility for a string of data breaches, including Tokopedia, Wattpad, Pixlr, Bonobos, BigBasket, Mathway, Unacademy, MeetMindful, and Microsoft's GitHub account, among others.

An analysis by Risk Based Security found that the threat actor had exposed a total of more than 1.12 million unique email addresses belonging to S&P 100 organizations, education, government and military entities as of late 2020.

Last week, the group began selling a database purportedly containing the personal information of 70 million AT&T customers for a starting price of $200,000, although the U.S. telecom provider has denied suffering a breach of its systems.

ShinyHunters has a checkered history of compromising websites and developer repositories to steal credentials or API keys for a company's cloud services, which are subsequently abused to gain access to databases and gather sensitive information that is resold for profit or published for free on hacker forums.


The adversary has also been observed targeting DevOps personnel or GitHub repositories in order to steal valid OAuth tokens, leveraging them to breach cloud infrastructure and bypass any two-factor authentication mechanisms.
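The two paragraphs above describe the same underlying weakness: credentials, API keys and OAuth tokens committed to source repositories, which an attacker who can read the repository simply harvests. The defensive counterpart is to scan your own repositories for such material before it is pushed, the way a pre-commit hook or CI job would. The script below is an added example written for this article; it is not code from Intel 471 or The Hacker News. The credential formats it matches (AWS access key IDs beginning with `AKIA`, GitHub personal access tokens beginning with `ghp_`), the entropy threshold, and the sample file are assumptions chosen for illustration, and the sample values are placeholders, not live credentials.

```python
import math
import os
import re
from dataclasses import dataclass
from typing import List

# Assumed token formats for this example. Check the issuer's current
# documentation before relying on them in production scanning.
KNOWN_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}

# Generic rule: a variable whose name suggests a credential, assigned a
# quoted string of at least 16 characters. Entropy filtering below keeps
# obvious placeholders ("changeme...") out of the findings.
GENERIC_ASSIGNMENT = re.compile(
    r"""(?i)\b(api[_-]?key|secret|token|password|client[_-]?secret)\b"""
    r"""\s*[:=]\s*["']([^"']{16,})["']"""
)

ENTROPY_THRESHOLD = 4.0  # bits per character; a tuning knob, not a constant of nature


@dataclass
class Finding:
    rule: str
    line_no: int
    redacted: str  # the scanner never stores or logs the full secret


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    """Keep just enough of the value to locate it in the file."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"


def scan_text(text: str) -> List[Finding]:
    """Scan one file's contents and return findings in line order."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in KNOWN_PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append(Finding(rule, line_no, redact(m.group(0))))
        for m in GENERIC_ASSIGNMENT.finditer(line):
            value = m.group(2)
            if shannon_entropy(value) >= ENTROPY_THRESHOLD:
                findings.append(Finding("high_entropy_assignment", line_no, redact(value)))
    return findings


def scan_repo(root: str) -> dict:
    """Walk a checked-out repository (skipping .git) and scan every text file."""
    results = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    found = scan_text(fh.read())
            except OSError:
                continue
            if found:
                results[path] = found
    return results


# Constructed sample file; every value is a placeholder, not a real credential.
SAMPLE_SOURCE = """\
# constructed sample file for the scanner demo
import boto3
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
GITHUB_TOKEN = "ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
password = "changeme_changeme_changeme"
api_key = "q7Zr2pLm9Vx4Bn8Kc1Ws6Tf3Hy0Jd5Ge"
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_SOURCE):
        print(f"line {f.line_no}: {f.rule} ({f.redacted})")
```

Run against the constructed sample, the scanner reports the AWS key on line 3, the GitHub token on line 4 and the random-looking `api_key` on line 6, while the low-entropy `password` placeholder on line 5 is dropped. Only a redacted prefix and suffix ever leave the function, so the scanner's own output cannot become a second place the secret leaks. Wire `scan_repo` into a pre-commit hook or CI step and fail the build on any finding; for the OAuth tokens the article mentions, the same approach applies, but the more durable fix is to keep such tokens in a secrets manager and out of the repository entirely.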

"ShinyHunters may not have as much notoriety as the ransomware groups that are currently causing havoc for enterprises all over the world. However, tracking actors like this is essential to preventing your enterprise from being hit with such an attack," the researchers said.

"The information ShinyHunters gathers is often rotated and sold on the same underground marketplaces where ransomware actors use it to launch their own attacks. If enterprises can move to detect activity like ShinyHunters', they in turn can stop ransomware attacks before they're ever launched."
