ShinyHunters-Linked Cybercrime Campaign Targets Over 100 Major Organizations
A recent cybercrime campaign attributed to the ShinyHunters group has targeted at least 100 organizations across multiple sectors, including software, finance, healthcare, and energy, according to cybersecurity firm Silent Push. Over the past 30 days, threat actors registered fake domains impersonating high-profile companies such as Atlassian, Adyen, Canva, Epic Games, HubSpot, Moderna, ZoomInfo, GameStop, WeWork, Halliburton, Sonos, and Telstra.
The attackers employed voice phishing (vishing) tactics to compromise single sign-on (SSO) accounts, particularly those using Okta and other identity platforms. Using specialized phishing kits, they intercepted credentials and manipulated victims into bypassing multi-factor authentication (MFA) by convincing them to approve push notifications or submit one-time passcodes (OTPs). Okta described the attacks as involving real-time session orchestration, where threat actors guided victims through the authentication process via verbal instructions.
While Silent Push identified the infrastructure used in the campaign, it remains unclear whether the attacks successfully breached any systems. However, ShinyHunters has claimed responsibility for data breaches at companies like Betterment, Crunchbase, and SoundCloud, all of which confirmed incidents. The group allegedly stole millions of records from these organizations as part of the Okta SSO vishing campaign.
Silent Push attributes the campaign to Scattered LAPSUS$ Hunters, a collective formed last year by members of Lapsus$, Scattered Spider, and ShinyHunters, based on observed tactics, techniques, and procedures (TTPs). The incident follows recent warnings from Google and others about rising vishing and phishing attacks targeting identity platforms.
Source: https://www.securityweek.com/over-100-organizations-targeted-in-shinyhunters-phishing-campaign/
"id": "CANADYATLHUBEPIMODGAMZOOWEWHALBETSONTEL1769527593",
"linkid": "canva, adyen, atlassian, hubspot, epic-games-fortnite, modernatx, gamestop, zoominfo, wework, halliburton, betterment, sonos, telstra",
"type": "Cyber Attack",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Technology',
'name': 'Atlassian',
'type': 'Software'},
{'industry': 'Finance',
'name': 'Adyen',
'type': 'Financial Services'},
{'industry': 'Technology',
'name': 'Canva',
'type': 'Software'},
{'industry': 'Gaming',
'name': 'Epic Games',
'type': 'Software'},
{'industry': 'Marketing/Technology',
'name': 'HubSpot',
'type': 'Software'},
{'industry': 'Healthcare',
'name': 'Moderna',
'type': 'Pharmaceutical'},
{'industry': 'Technology/Sales Intelligence',
'name': 'ZoomInfo',
'type': 'Software'},
{'industry': 'Gaming/Retail',
'name': 'GameStop',
'type': 'Retail'},
{'industry': 'Commercial Real Estate',
'name': 'WeWork',
'type': 'Real Estate'},
{'industry': 'Oil and Gas',
'name': 'Halliburton',
'type': 'Energy'},
{'industry': 'Consumer Electronics',
'name': 'Sonos',
'type': 'Hardware'},
{'industry': 'Telecom',
'name': 'Telstra',
'type': 'Telecommunications'},
{'industry': 'Finance',
'name': 'Betterment',
'type': 'Financial Services'},
{'industry': 'Business Intelligence',
'name': 'Crunchbase',
'type': 'Software'},
{'industry': 'Music/Technology',
'name': 'SoundCloud',
'type': 'Software'}],
'attack_vector': 'Voice Phishing (Vishing), Phishing Kits, MFA Bypass (Push '
'Notifications, OTPs)',
'data_breach': {'data_exfiltration': 'Alleged (data sold on dark web)',
'number_of_records_exposed': 'Millions (alleged)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (PII, credentials)',
'type_of_data_compromised': 'Personally Identifiable '
'Information (PII), Credentials, '
'Business Data'},
'description': 'A recent cybercrime campaign attributed to the ShinyHunters '
'group has targeted at least 100 organizations across multiple '
'sectors, including software, finance, healthcare, and energy. '
'The attackers employed voice phishing (vishing) tactics to '
'compromise single sign-on (SSO) accounts, particularly those '
'using Okta and other identity platforms. Using specialized '
'phishing kits, they intercepted credentials and manipulated '
'victims into bypassing multi-factor authentication (MFA). The '
'group allegedly stole millions of records from companies like '
'Betterment, Crunchbase, and SoundCloud as part of the Okta '
'SSO vishing campaign.',
'impact': {'data_compromised': 'Millions of records allegedly stolen',
'identity_theft_risk': 'High (PII and credentials compromised)',
'systems_affected': 'SSO accounts (Okta and other identity '
'platforms)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Alleged',
'entry_point': 'Fake domains impersonating '
'high-profile companies, SSO '
'accounts (Okta)',
'high_value_targets': 'SSO accounts, MFA-protected '
'systems',
'reconnaissance_period': '30 days (domain '
'registration)'},
'investigation_status': 'Ongoing (infrastructure identified, breach success '
'unclear)',
'motivation': 'Data Theft, Financial Gain, Credential Harvesting',
'post_incident_analysis': {'root_causes': 'Vishing attacks, MFA manipulation, '
'phishing kits, lack of awareness'},
'references': [{'source': 'Silent Push'}, {'source': 'Okta'}],
'response': {'third_party_assistance': 'Silent Push (cybersecurity firm)'},
'threat_actor': 'ShinyHunters, Scattered LAPSUS$ Hunters (collective of '
'Lapsus$, Scattered Spider, and ShinyHunters)',
'title': 'ShinyHunters-Linked Cybercrime Campaign Targets Over 100 Major '
'Organizations',
'type': 'Phishing (Vishing), Data Breach, Credential Theft',
'vulnerability_exploited': 'Single Sign-On (SSO) accounts (Okta and other '
'identity platforms), MFA manipulation'}