ShinyHunters-Linked Cybercrime Campaign Targets Over 100 Major Organizations A recent cybercrime campaign attributed to the ShinyHunters group has targeted at least 100 organizations across multiple sectors, including software, finance, healthcare, and energy, according to cybersecurity firm Silent Push. Over the past 30 days, threat actors registered fake domains impersonating high-profile companies such as Atlassian, Adyen, Canva, Epic Games, HubSpot, Moderna, ZoomInfo, GameStop, WeWork, Halliburton, Sonos, and Telstra. The attackers employed voice phishing (vishing) tactics to compromise single sign-on (SSO) accounts, particularly those using Okta and other identity platforms. Using specialized phishing kits, they intercepted credentials and manipulated victims into bypassing multi-factor authentication (MFA) by convincing them to approve push notifications or submit one-time passcodes (OTPs). Okta described the attacks as involving real-time session orchestration, where threat actors guided victims through the authentication process via verbal instructions. While Silent Push identified the infrastructure used in the campaign, it remains unclear whether the attacks successfully breached any systems. However, ShinyHunters has claimed responsibility for data breaches at companies like Betterment, Crunchbase, and SoundCloud, all of which confirmed incidents. The group allegedly stole millions of records from these organizations as part of the Okta SSO vishing campaign. Silent Push attributes the campaign to Scattered LAPSUS$ Hunters, a collective formed last year by members of Lapsus$, Scattered Spider, and ShinyHunters, based on observed tactics, techniques, and procedures (TTPs). The incident follows recent warnings from Google and others about rising vishing and phishing attacks targeting identity platforms.

Halliburton, a major energy services company, suffered a cyberattack on August 21, 2024, leading to operational disruptions after an unauthorized breach of its systems. The incident, disclosed in an SEC 8-K filing, prompted the company to isolate affected systems, initiate internal and external investigations, and engage law enforcement. While the full scope and specifics of the attack remain undisclosed, Halliburton is collaborating with cybersecurity experts to restore systems and mitigate risks.The attack underscores the escalating cyber threats targeting critical infrastructure, particularly in the energy sector, where operational downtime can have cascading effects on supply chains, financial stability, and national security. Given Halliburton’s role in oilfield services, the breach could disrupt energy production, logistics, or proprietary technologies, potentially affecting global markets. The incident also highlights vulnerabilities in industrial control systems (ICS) and the urgent need for fortified defenses against sophisticated cyber threats in high-stakes sectors.