ReliaQuest warns that the cybercriminal collective “Scattered Lapsus$ Hunters” seems to be utilizing social engineering assaults to focus on organizations’ Zendesk situations.
This group was behind a widespread marketing campaign earlier this yr that used voice phishing assaults to compromise dozens of corporations’ Salesforce portals.
“ReliaQuest’s Risk Analysis group recognized Zendesk-related domains, together with greater than 40 typosquatted domains and impersonating URLs, created inside the previous six months,” the researchers write.
“These domains, equivalent to znedesk[.]com or vpn-zendesk[.]com, are clearly designed to imitate reputable Zendesk environments. Some host phishing pages, like pretend single sign-on (SSO) portals that seem earlier than Zendesk authentication. It’s a traditional tactic in all probability geared toward stealing credentials from unsuspecting customers. We additionally recognized Zendesk-related impersonating domains that contained a number of completely different organizations’ names or manufacturers inside the URL, making it much more doubtless that unsuspecting customers would belief and click on on these hyperlinks.”
The Scattered Lapsus$ Hunters group could be very expert in a lot of these social engineering assaults, and makes use of the entry to achieve a foothold inside organizations. As soon as inside, they steal as a lot information as doable and try and extort the victims by itemizing them on leak websites.
“We even have proof to recommend that fraudulent tickets are being submitted on to reputable Zendesk portals operated by organizations utilizing the platform for customer support,” Reliaquest says.
“These pretend submissions are crafted to focus on assist and help-desk personnel, infecting them with distant entry trojans (RATs) and different kinds of malware. Concentrating on help-desk groups with these sorts of ways typically includes well-crafted pretexts, like pressing system administration requests or pretend password reset inquiries. The objective is to trick assist workers into handing over credentials or compromising their endpoints.”
KnowBe4 empowers your workforce to make smarter safety choices day-after-day. Over 70,000 organizations worldwide belief the KnowBe4 HRM+ platform to strengthen their safety tradition and cut back human danger.
ReliaQuest has the story.
