Researchers Detail Modus Operandi of Shiny Hunters Cyber Crime Group


25th August 2021, Kathmandu

ShinyHunters, a notorious cybercriminal underground group that has been on a data breach spree since last year, has been observed probing companies' GitHub repository source code for vulnerabilities that can be abused to stage larger-scale attacks, an analysis of the hackers' routine has revealed.

“Primarily operating on Raid Forums, the collective’s moniker and motivation can partly be derived from their avatar on gregarious media and other forums: a shiny Umbreon Pokémon,” Intel 471 researchers said in a report shared with The Hacker News. “As Pokémon players hunt and accumulate ‘shiny’ characters within the game, ShinyHunters accumulates and resells utilizer data.”

The revelation comes as the cost of a data breach rose from $3.86 million to $4.24 million, the highest in 17 years, with compromised credentials responsible for 20% of the breaches reported by over 500 organizations.

Since rising to prominence in April 2020, ShinyHunters has claimed responsibility for a string of data breaches, including Tokopedia, Wattpad, Pixlr, Bonobos, BigBasket, Mathway, Unacademy, MeetMindful, and Microsoft’s GitHub account, among others.

An assessment by Risk Based Security found that the threat actor had exposed a total of more than 1.12 million unique email addresses belonging to S&P 100 organizations, education, government, and military entities as of late 2020.

Last week, the group began selling a database purportedly containing the private information of 70 million AT&T customers for a starting price of $200,000, although the U.S. telecom provider has denied suffering a breach of its systems.

ShinyHunters has a checkered history of compromising websites and developer repositories to steal credentials or API keys to a company’s cloud services, which are subsequently abused to gain access to databases and gather sensitive information to be resold for profit or published for free on hacker forums.

The adversary has also been observed targeting DevOps personnel or GitHub repositories in order to steal valid OAuth tokens, leveraging them to breach cloud infrastructure and bypass any two-factor authentication mechanisms.
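Because the group harvests credentials, API keys and OAuth tokens from repositories, a defender can check repository content for that material before it is pushed. The sketch below is an added example, not code from the article or from Intel 471; the rule names, the entropy threshold, the function names and the sample file content are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Prefix-based formats: GitHub tokens (ghp_/gho_/...) and AWS access key IDs.
PATTERNS = {
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
}
# Generic name = "value" assignments, reported only when the value looks random.
ASSIGNMENT = re.compile(
    r"\b\w*(?:secret|token|api_?key|passw(?:or)?d)\w*\s*[:=]\s*['\"]([^'\"\s]{16,})['\"]",
    re.IGNORECASE,
)
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed cut-off, tune per code base

# Constructed sample file content; none of these values are real credentials.
SAMPLE = '''# settings
aws_key = "AKIAABCDEFGHIJKLMNOP"
GITHUB_TOKEN=ghp_0123456789abcdefghijABCDEFGHIJ012345
api_token = "xxxxxxxxxxxxxxxxxxxxxxxx"
api_key = "q7Zr2LxP9vB4nT8sK1mW6yHd"
api_key = os.environ["API_KEY"]
'''


def shannon_entropy(value: str) -> float:
    """Bits per character of the value's character distribution."""
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def scan_text(path: str, text: str) -> list[tuple[str, int, str]]:
    """Return (path, line_number, rule) for each suspected credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        named = [rule for rule, rx in PATTERNS.items() if rx.search(line)]
        findings.extend((path, lineno, rule) for rule in named)
        # Fall back to the entropy check only when no known format matched.
        match = None if named else ASSIGNMENT.search(line)
        if match and shannon_entropy(match.group(1)) >= ENTROPY_THRESHOLD:
            findings.append((path, lineno, "high_entropy_assignment"))
    return findings


if __name__ == "__main__":
    for finding in scan_text("settings.py", SAMPLE):
        print(finding)
```

The placeholder value on line 4 and the environment lookup on line 6 of the sample are not reported, which is the behaviour wanted from a check that runs on every commit.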

“ShinyHunters might not have as much notoriety as the ransomware groups that are currently causing havoc for enterprises everywhere on the planet. However, tracking actors like this is crucial to averting your enterprise from being hit with such an assailment,” the researchers said.

“The information ShinyHunters accumulates is usually rotated and sold on equivalent underground rialtos where ransomware actors utilize it to launch their own attacks. If enterprises can peregrinate to detect activity like ShinyHunters, they successively can stop ransomware attacks afore they’re ever launched.”

