Intel 471 researchers detailed the operations and tactics of the ShinyHunters, an underground group that’s been attacking companies since last year. Its attacks focus on stealing sensitive data.
The group has recently been looking for weaknesses in source code hosted in GitHub repositories that can be exploited to launch more sophisticated attacks leading to a data breach, according to Intel 471.
ShinyHunters is a hacker group that has been known to compromise websites and expose sensitive information to the public. It uses various techniques to steal credentials or API keys and to exfiltrate sensitive information, which is then sold on hacker forums.
“Primarily operating on Raid Forums, the collective’s moniker and motivation can partly be derived from their avatar on social media and other forums: a shiny Umbreon Pokémon,” Intel 471 researchers said in a report. “As Pokémon players hunt and collect ‘shiny’ characters in the game, ShinyHunters collects and resells user data.”
The cost of a data breach has reached its highest level in 17 years, now at $4.24 million, with over 500 organizations experiencing the issue. According to researchers, compromised credentials are responsible for approximately 20% of all breaches.
Since its appearance in April 2020, ShinyHunters has claimed responsibility for multiple data breaches that affected various companies such as Bonobos, Wattpad, Pixlr, Unacademy, Reddit, and Microsoft.
According to Risk Based Security, the attacker had stolen over a million email addresses belonging to various organizations, including government agencies, universities, and military branches.
Last week, a group claiming to have the personal information of over 70 million AT&T customers was selling the database for $200,000.
The adversary has also targeted DevOps staff or GitHub repositories in order to steal valid OAuth tokens.
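Credentials and OAuth tokens committed to a repository are exactly what this kind of actor looks for, so the practical defence is to catch them before they are pushed. The following pre-commit style scanner is an added example, not code from the article or from Intel 471: it walks a set of files, flags GitHub token prefixes (gho_ for OAuth tokens, ghp_ for personal access tokens, and the related ghu_/ghs_/ghr_ forms, which are publicly documented), AWS access key IDs, and generic "key = value" secret assignments, and reports each hit with the value redacted. The file contents, the `# allowlist-secret` marker, and the `hook_exit_code` helper are constructed assumptions for the demonstration.

```python
"""Added example (not from the article or Intel 471): a small pre-commit
style scanner that flags credentials and OAuth tokens checked into source.
Token formats follow publicly documented prefixes; the sample files below
are constructed for the demonstration."""
import re
from dataclasses import dataclass

# Ordered from most specific to least specific: the first pattern that hits
# on a line decides how that line is classified.
PATTERNS = {
    # GitHub tokens: gh + {p,o,u,s,r} + "_" + at least 36 alphanumerics.
    "github_token": re.compile(r"\b(gh[pousr]_[A-Za-z0-9]{36,255})\b"),
    # AWS access key IDs start with AKIA followed by 16 uppercase/digit chars.
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    # Generic assignment of a long value to a secret-looking name.
    "generic_secret": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]?"
        r"([A-Za-z0-9_\-/+=]{20,})['\"]?"
    ),
}

# Constructed marker (an assumption): lines carrying it are known-fake values.
ALLOWLIST_MARKER = "# allowlist-secret"


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str
    redacted: str  # never store or print the full secret


def redact(value: str) -> str:
    """Keep just enough of the value to locate it, never the whole thing."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"


def scan_text(path: str, text: str) -> list:
    """Scan one file's contents line by line and return Finding objects."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if ALLOWLIST_MARKER in line:
            continue  # explicitly marked test fixture / placeholder
        for kind, pattern in PATTERNS.items():
            matches = list(pattern.finditer(line))
            if matches:
                for m in matches:
                    findings.append(Finding(path, lineno, kind, redact(m.group(1))))
                break  # most specific classification wins for this line
    return findings


def scan_repo(files: dict) -> list:
    """files maps a repository-relative path to its text content."""
    results = []
    for path in sorted(files):
        results.extend(scan_text(path, files[path]))
    return results


def hook_exit_code(findings: list) -> int:
    """Pre-commit convention: non-zero exit blocks the commit."""
    return 1 if findings else 0


# Constructed sample repository snapshot (all values are fake).
SAMPLE_FILES = {
    "config/settings.py": 'DEBUG = True\nAPI_KEY = "sk_live_0123456789abcdefghijklmnop"\n',
    "scripts/deploy.sh": (
        "export GITHUB_TOKEN=gho_ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789\n"
        "export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
    ),
    "README.md": "Set GITHUB_TOKEN in your environment, never in the repo.\n",
    "tests/fixtures.py": 'PASSWORD = "placeholder-value-for-unit-tests"  # allowlist-secret\n',
}

if __name__ == "__main__":
    found = scan_repo(SAMPLE_FILES)
    for f in found:
        print(f"{f.path}:{f.line}: {f.kind} ({f.redacted})")
    raise SystemExit(hook_exit_code(found))
```

Wired into a pre-commit hook, a non-zero exit stops the commit so the token never reaches the remote; the allowlist marker keeps deliberately fake fixture values from producing noise, and the redaction means the hook's own output cannot become a second copy of the secret in CI logs.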
“ShinyHunters may not have as much notoriety as the ransomware groups that are currently causing havoc for enterprises all over the world. However, tracking actors like this is crucial to preventing your enterprise from being hit with such an attack,” the researchers said.
“The information ShinyHunters gathers is often turned around and sold on the same underground marketplaces where ransomware actors use it to launch their own attacks. If enterprises can move to detect activity like ShinyHunters, they in turn can stop ransomware attacks before they are ever launched.”