Silent Push reports:
A massive identity-theft campaign is currently active, targeting Okta Single Sign-On (SSO) and other SSO platform accounts across 100+ high-value enterprises.
Silent Push has identified a surge in infrastructure deployment that mirrors the TTPs (Tactics, Techniques, and Procedures) of SLSH—a predatory alliance between Scattered Spider, LAPSUS$, and ShinyHunters. This isn’t a standard automated spray-and-pray attack; it is a human-led, high-interaction voice phishing (“vishing”) operation designed to bypass even hardened Multi-Factor Authentication (MFA) setups.
The Threat: SLSH “Supergroup”
SLSH (Scattered LAPSUS$ Hunters) is an aggressive cybercrime group that emerged from “The Com” ecosystem. By merging Scattered Spider’s social engineering expertise with LAPSUS$’ extortion models, they have created a sophisticated initial access strategy that targets enterprise organizations through their identity providers.
The primary infrastructure being used is a new “Live Phishing Panel.” This allows a human attacker to sit in the middle of a login session, intercepting credentials and MFA tokens in real-time to gain immediate, persistent access to corporate dashboards.
Read more at Silent Push, where they provide a list of the group’s targets for the last 30 days and preventive steps to take immediately.
Related: Canva among ~100 targets of ShinyHunters Okta identity-theft campaign
