ShinyHunters, a notorious cybercriminal underground group that has been on a data breach spree since last year, has been observed searching companies' GitHub repository source code for vulnerabilities that can be abused to stage larger-scale attacks, an analysis of the hackers' modus operandi has revealed.
“Primarily operating on Raid Forums, the collective's moniker and motivation can partly be derived from their avatar on social media and other forums: a shiny Umbreon Pokémon,” Intel 471 researchers said in a report shared with The Hacker News. “As Pokémon players hunt and collect 'shiny' characters in the game, ShinyHunters collects and resells user data.”
The revelation comes as the average cost of a data breach rose from $3.86 million to $4.24 million, making it the highest average cost in 17 years, with compromised credentials responsible for 20% of the breaches reported by over 500 organizations.
Since rising to prominence in April 2020, ShinyHunters has claimed responsibility for a string of data breaches, including Tokopedia, Wattpad, Pixlr, Bonobos, BigBasket, Mathway, Unacademy, MeetMindful, and Microsoft's GitHub account, among others.
An analysis by Risk Based Security found that the threat actor had exposed a total of more than 1.12 million unique email addresses belonging to S&P 100 organizations, education, government, and military entities as of late 2020.
Last week, the group started selling a database purportedly containing the personal information of 70 million AT&T customers for a starting price of $200,000, although the U.S. telecom provider has denied suffering a breach of its systems.
ShinyHunters has a checkered history of compromising websites and developer repositories to steal credentials or API keys to a company's cloud services, which are subsequently abused to gain access to databases and gather sensitive information to be resold for profit or published for free on hacker forums.
The adversary has also been observed targeting DevOps personnel or GitHub repositories in order to steal valid OAuth tokens, leveraging them to breach cloud infrastructure and bypass any two-factor authentication mechanisms.
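The two paragraphs above describe the root cause the group exploits: credentials, API keys and tokens committed to source repositories. The practical defence is to catch those secrets before they are pushed. The following is an added example of a minimal pre-commit secret scanner; it is not code from the article, Intel 471 or any named vendor. The token formats it matches (AWS access key IDs starting with `AKIA`, GitHub personal access tokens starting with `ghp_`, PEM private key headers) are publicly documented, and the sample file it scans is constructed here with deliberately fake values.

```python
"""Minimal secret scanner for source files (added example, not from the article).

Flags hard-coded credentials in a text blob using two strategies:
  1. provider-specific token formats (exact, low false-positive rate);
  2. generic assignments such as secret = "..." whose value has high
     Shannon entropy (catches keys with no fixed prefix).
"""
import math
import re
from collections import Counter
from typing import List, Tuple

# Publicly documented token formats. Each regex is anchored on word boundaries
# so that a prefix appearing inside a longer identifier does not match.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Generic "name = 'value'" assignments. The keyword may sit inside a longer
# identifier (AWS_SECRET_ACCESS_KEY), hence the trailing identifier characters.
# Values shorter than 12 characters are ignored to cut down on noise.
GENERIC = re.compile(
    r"(?i)(api[_-]?key|secret|token|password|passwd)[A-Za-z0-9_]*\s*[:=]\s*['\"]([^'\"]{12,})['\"]"
)


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random keys score well above plain words."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text: str, entropy_threshold: float = 3.5) -> List[Tuple[int, str]]:
    """Return (line_number, finding_kind) for every suspicious line in `text`."""
    findings: List[Tuple[int, str]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pat in PATTERNS.items():
            if pat.search(line):
                findings.append((lineno, kind))
        m = GENERIC.search(line)
        if m and shannon_entropy(m.group(2)) >= entropy_threshold:
            findings.append((lineno, f"high_entropy_{m.group(1).lower()}"))
    return findings


# Constructed sample config file. Every value below is fake: the AWS pair is
# the documentation example key, the GitHub token is all zeros.
SAMPLE = (
    '# settings.py (constructed sample, every value here is fake)\n'
    'DEBUG = True\n'
    'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
    'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'
    'github_token = "ghp_' + "0" * 36 + '"\n'
    'password = "passwordpassword"\n'
    'GREETING = "hello world hello world"\n'
)

if __name__ == "__main__":
    for lineno, kind in scan_text(SAMPLE):
        print(f"line {lineno}: {kind}")
```

Running it on the sample reports the AWS access key ID (line 3) by format, the AWS secret (line 4) by entropy, and the GitHub token (line 5) by format. Note the two deliberate misses: the all-zero GitHub token would not pass the entropy check on its own, which is why exact formats are tried first, and the weak `passwordpassword` default on line 6 is below the entropy threshold, so a scanner like this does not replace a separate check for well-known default credentials.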
“ShinyHunters may not have as much notoriety as the ransomware groups that are currently wreaking havoc for enterprises all over the world. However, monitoring actors like this is essential to stopping your enterprise from being hit with such an attack,” the researchers said.
“The data ShinyHunters gathers is often turned around and sold on the same underground marketplaces where ransomware actors use it to launch their own attacks. If enterprises can move to detect activity like ShinyHunters, they in turn can stop ransomware attacks before they're ever launched.”