- Gmail users could be affected in the Shinyhunters attack campaign
- Google has warned those who can be vulnerable
- This campaign has addressed a large number of companies
A Google warning has outlined a prolific group of piracy, Shinyhunters, has taken advantage of Gmail to attack users. Google’s threat intelligence report reveals that the group agreed to the data during a small window, which could leave exposed users.
About 2,500 million users were urged to restore their passwords and tighten their safety after the contact information of small and medium enterprises was accessed. The information was publicly available, typically names and contact data, but this still leaves something vulnerable to Phishing attacks.
Since then, Google has notified those affected by the incident by email, but those whose data were committed must be attentive to social engineering and extortion attacks. These incidents generally involve an email or called to employees of victims organizations that demand great sums of Bitcoin.
Phishing risk
The violation comes from the theft of Shinyhunter data through a corporate instance of Salesforce, confirmed by the company. Salesforce was attacked by the group, which passed through the company’s staff and contacted IT support services to get access.
“In June, one of the instances of Google’s corporate sales force was affected by a similar activity of UNC6040 described in this publication,” said the company, “the data recovered by the threat actor was limited to basic commercial information and largely available to a large extent, such as commercial names and contact details.”
Shinyhunters is a group of extremely successful threats, recently attacking Santander, AT&T and the Allianz insurance giant. But, Google does not believe they have yet done;
“We believe that the threat actors used by the ‘Shinyhunters’ brand may be preparing to increase their extortion tactics by launching a data leakage site (DLS),” confirms the report.
“These new tactics are likely to intend to increase pressure on victims, including those associated with recent data related to Salesforce. We continue to monitor this actor and provide updates as appropriate.”
