Scattered Lapsus$ Hunters focused Zendesk customers via greater than 40 pretend domains designed to steal credentials and set up malware, security researchers mentioned.
The pretend domains, registered over the previous six months, had the identical setup because the one used within the cybercrime group’s August assault on Salesforce, in line with a weblog publish revealed this week by ReliaQuest researchers who found the marketing campaign. This means that the group shifted its focus to Zendesk, a buyer help platform utilized by over 100,000 organizations.
Some domains, like znedesk[.]com and vpn-zendesk[.]com, hosted pretend login pages that seemed like actual Zendesk sign-on screens, ReliaQuest mentioned. Others integrated firm names within the net handle to make the websites seem professional. “We additionally recognized Zendesk-related impersonating domains that contained a number of totally different organizations’ names or manufacturers inside the URL, making it much more seemingly that unsuspecting customers would belief and click on on these hyperlinks,” the researchers wrote.
