BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

ShinyHunters Expand Saas Attacks with Vishing Campaign

Surging voice phishing attacks steal credentials to hijack SaaS data for extortion.

  • Google’s Mandiant reported a surge in advanced voice phishing attacks by the ShinyHunters group, targeting SaaS applications for data theft and extortion on January 31, 2026.
  • The hackers impersonate IT staff to steal single sign-on credentials and MFA codes, subsequently accessing and exfiltrating sensitive corporate data from platforms like SharePoint and OneDrive.
  • Cryptocurrency-focused companies are among the targets, with actors using compromised email accounts to launch further phishing campaigns and then deleting the evidence.
  • Google recommends moving to phishing-resistant MFA like FIDO2 security keys and improving help desk verification processes, as detailed in its hardening guide.

On January 31, 2026, Google‘s threat intelligence arm Mandiant identified a dangerous expansion in financially motivated cyberattacks, according to a new report. The activity, linked to the ShinyHunters extortion group, uses sophisticated voice phishing to steal employee credentials and hijack cloud-based applications.

- Advertisement -

Attackers, tracked as UNC6661 and UNC6671, pose as IT support staff in phone calls directing victims to fake login pages. Once they obtain multi-factor authentication codes, they register their own devices and move laterally across corporate networks.

Consequently, the hackers siphon sensitive data from software-as-a-service platforms to extort the victims. In some cases, they even weaponize access to compromised email accounts for additional phishing, specifically targeting cryptocurrency firms.

Meanwhile, Google has outlined extensive defensive measures to counter this rising threat to SaaS security. Recommendations include enforcing device access controls and monitoring for suspicious OAuth authorization events with tools like ToogleBox Email Recall.

“This activity is not the result of a security vulnerability in vendors’ products or infrastructure,” Google stated. The company stressed that the attacks highlight the critical need for organizations to adopt phishing-resistant authentication methods.

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Black: SpaceX acquiring Tesla would dilute shareholders 25%

Gary Black rejected speculation that SpaceX could acquire Tesla, warning such a deal could...

Bybit launches Indonesia platform after acquiring NOBI

Bybit launched a locally operated platform in Indonesia after acquiring a majority stake in...

Bitcoin Futures Liquidity Drives Price Action Near Key $64K Level

Bitcoin's short-term price action is increasingly driven by futures market activity, with prices gravitating...

Hacker leaks Suno source code, confirms massive music scraping

A Hacker using the Shai-Hulud worm breached AI music platform Suno and leaked source...

Analysts, traders: Stripe-Advent offer undervalues PayPal

A reported $53.4 billion takeover offer from Stripe and Advent International at $60.50 per...

Must Read

Sushiswap vs Uniswap, What are the differences between these dex?

It's no secret that the world of decentralized exchanges has exploded in recent years. Many of you are probably wondering what the difference is...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading