ShinyHunters-Linked Cybercrime Campaign Targets Over 100 Major Organizations A recent cybercrime campaign attributed to the ShinyHunters group has targeted at least 100 organizations across multiple sectors, including software, finance, healthcare, and energy, according to cybersecurity firm Silent Push. Over the past 30 days, threat actors registered fake domains impersonating high-profile companies such as Atlassian, Adyen, Canva, Epic Games, HubSpot, Moderna, ZoomInfo, GameStop, WeWork, Halliburton, Sonos, and Telstra. The attackers employed voice phishing (vishing) tactics to compromise single sign-on (SSO) accounts, particularly those using Okta and other identity platforms. Using specialized phishing kits, they intercepted credentials and manipulated victims into bypassing multi-factor authentication (MFA) by convincing them to approve push notifications or submit one-time passcodes (OTPs). Okta described the attacks as involving real-time session orchestration, where threat actors guided victims through the authentication process via verbal instructions. While Silent Push identified the infrastructure used in the campaign, it remains unclear whether the attacks successfully breached any systems. However, ShinyHunters has claimed responsibility for data breaches at companies like Betterment, Crunchbase, and SoundCloud, all of which confirmed incidents. The group allegedly stole millions of records from these organizations as part of the Okta SSO vishing campaign. Silent Push attributes the campaign to Scattered LAPSUS$ Hunters, a collective formed last year by members of Lapsus$, Scattered Spider, and ShinyHunters, based on observed tactics, techniques, and procedures (TTPs). The incident follows recent warnings from Google and others about rising vishing and phishing attacks targeting identity platforms.

Australia's largest telecoms firm Telstra Corp Ltd suffered a data breach incident which affected around 30,000 current and former employees. The breach compromised basic information like names and email addresses.

Australian telecom firm Telstra was hit by a cyber attack result of which the hackers gained access to 10000 SIM cards. The compromised information included financial information, contracts, and banking information of the SIM card users. The company’s website has been offline for days after a hacker group said it infiltrated the company’s data systems and posted a disturbing ransom note on the dark web.

A 63-year-old layman was been able to access a Telstra database containing the contact details of their customers. Once he signed in, he put in the search term “email” and it returned 66,500 results containing names, addresses, email addresses and phone numbers. Telstra has also since identified two other customers who were able to access the database.

A flaw in medical software used by more than 40,000 Australian health specialists and distributed by Telstra has potentially exposed Australians' medical information to hackers. Hackers have been logging into practitioners' computers and servers to carry out illegal activities. The flaw in the "secure" messaging software is specifically leaving computers with remote desktop software installed wide open because it creates a separate username with a static default password that will allow for an easy intrusion.

TELSTRA faced another data privacy breach incident after the email addresses and phone numbers of more than a thousand of its BigPond customers were made accessible online. An online spreadsheet containing customer names, email addresses and details of service support issues, was exposed.