- Google has confirmed that it suffered a data breach
- The attack was carried out by ShinyHunters, once again hijacking systems
- The group apparently slipped into a Salesforce instance
The cybercriminals known as ShinyHunters (UNC6040) recently broke into Google and stole customer commercial information from one of its Salesforce instances, the company confirmed.
In a blog post that broke down the ShinyHunters modus operandi, the company downplayed the importance of the incident, noting that the criminals did not really take anything sensitive or of particular value.
“In June, one of Google’s corporate Salesforce instances was affected by similar UNC6040 activity described in this publication,” said the company. “The data recovered by the threat actor was limited to basic, largely available commercial information, such as commercial names and contact details.”
“Publicly available commercial information”
ShinyHunters is a threat actor that targets corporate Salesforce instances by impersonating company staff and calling IT support by phone.
During the call, they tell the IT technician that they have lost access to their work platform and manage to convince the technician to change the login credentials.
Trivial as it sounds, the technique seems to be working quite well, since multiple organizations have recently reported losing confidential data to the same group, in the same way.
Google did not say how many companies were affected by the breach, and declined to comment further. We do not know if ShinyHunters made a ransom demand in exchange for destroying the stolen files.
Currently, ShinyHunters is one of the most active threat actors, and probably among the most successful.
In recent weeks, the group managed to break into Pandora and the insurance giant Allianz Life, and has also been credited with breaches at AT&T, Santander, Ticketmaster and many others.
The group does not deploy an encryptor and focuses instead on data exfiltration, which makes it one of several ransomware groups that have recently pivoted away from encrypting files, a process that is apparently expensive and slow.
Via TechCrunch