Key Findings Mandiant has identified an "expansion in threat activity" using tactics consistent with extortion-themed attacks orchestrated by the ShinyHunters hacking group The attacks leverage advanced voice phishing (vishing) and fake credential harvesting sites to gain unauthorized access to victim environments by collecting sign-on (SSO) credentials and multi-factor authentication (MFA) codes The end goal is to target cloud-based software-as-a-service (SaaS) applications
