ReliaQuest warns that the cybercriminal collective “Scattered Lapsus$ Hunters” appears to be using social engineering attacks to target organizations’ Zendesk instances.
This group was behind a widespread campaign earlier this year that used voice phishing attacks to compromise dozens of companies’ Salesforce portals.
“ReliaQuest’s Threat Research team identified Zendesk-related domains, including more than 40 typosquatted domains and impersonating URLs, created within the past six months,” the researchers write.
“These domains, such as znedesk[.]com or vpn-zendesk[.]com, are clearly designed to mimic legitimate Zendesk environments. Some host phishing pages, like fake single sign-on (SSO) portals that appear before Zendesk authentication. It’s a classic tactic probably aimed at stealing credentials from unsuspecting users. We also identified Zendesk-related impersonating domains that contained multiple different organizations’ names or brands within the URL, making it even more likely that unsuspecting users would trust and click on these links.”
The Scattered Lapsus$ Hunters group is very skilled in these types of social engineering attacks and uses the resulting access to gain a foothold within organizations. Once inside, they steal as much data as possible and attempt to extort the victims by listing them on leak sites.
“We also have evidence to suggest that fraudulent tickets are being submitted directly to legitimate Zendesk portals operated by organizations using the platform for customer service,” ReliaQuest says.
“These fake submissions are crafted to target support and help-desk personnel, infecting them with remote access trojans (RATs) and other types of malware. Targeting help-desk teams with these kinds of tactics often involves well-crafted pretexts, like urgent system administration requests or fake password reset inquiries. The goal is to trick support staff into handing over credentials or compromising their endpoints.”
ReliaQuest has the story.
