Scattered Lapsus$ Hunters targeted Zendesk customers with more than 40 fake domains designed to steal credentials and install malware, security researchers said.
The fake domains, registered over the past six months, had the same setup as the one used in the cybercrime group’s August attack on Salesforce, according to a blog post published this week by ReliaQuest researchers who discovered the campaign. This suggests that the group shifted its focus to Zendesk, a customer support platform used by over 100,000 organizations.
Some domains, like znedesk[.]com and vpn-zendesk[.]com, hosted fake login pages that looked like real Zendesk sign-on screens, ReliaQuest said. Others incorporated company names in the web address to make the sites appear legitimate. “We also identified Zendesk-related impersonating domains that contained multiple different organizations’ names or brands within the URL, making it even more likely that unsuspecting users would trust and click on these links,” the researchers wrote.
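For defenders reviewing proxy or DNS logs, the two naming patterns described above (a one-typo lookalike and the brand embedded next to other words) can be flagged with a short classifier. This is an added example, not code from ReliaQuest or the article; the `OFFICIAL` allow-list, the last-two-labels shortcut for the registrable domain, and every sample hostname other than the two quoted in the article are assumptions.

```python
import re

BRAND = "zendesk"
OFFICIAL = {"zendesk.com"}  # assumption: only this registrable domain is genuine

def osa_distance(a: str, b: str) -> int:
    """Edit distance that also counts an adjacent transposition as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(host: str) -> str:
    """Return official, brand-embedded, typosquat or unrelated for a hostname."""
    labels = host.lower().replace("[.]", ".").strip(".").split(".")
    if ".".join(labels[-2:]) in OFFICIAL:  # simplification: no public-suffix list
        return "official"
    if any(BRAND in label for label in labels):
        return "brand-embedded"  # brand plus extra words, or brand as a subdomain
    tokens = [t for label in labels for t in re.split(r"[-_]", label)]
    if any(osa_distance(t, BRAND) == 1 for t in tokens):
        return "typosquat"  # one typo or swapped pair away from the brand
    return "unrelated"

# The first two names are quoted in the article; the rest are constructed samples.
SAMPLES = [
    "znedesk[.]com",
    "vpn-zendesk[.]com",
    "acme-zendesk-help.example",
    "zendesk.com.login-portal.example",
    "acme.zendesk.com",
    "example.org",
]

def scan(hosts):
    """Map each suspicious hostname to its verdict, dropping benign ones."""
    verdicts = {h: classify(h) for h in hosts}
    return {h: v for h, v in verdicts.items() if v not in ("official", "unrelated")}

if __name__ == "__main__":
    for host, verdict in scan(SAMPLES).items():
        print(f"{verdict:15} {host}")
```

A production version would resolve the registrable domain with a public-suffix list and take the allow-list from the organization's own tenant inventory.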

