Security News > 2021 > August > Researchers Detail Modus Operandi of ShinyHunters Cyber Crime Group
ShinyHunters, a notorious cybercriminal underground group that's been on a data breach spree since last year, has been observed searching companies' GitHub repository source code for vulnerabilities that can be abused to stage larger scale attacks, an analysis of the hackers' modus operandi has revealed.
"As Pokémon players hunt and collect"shiny" characters in the game, ShinyHunters collects and resells user data.
Since rising to prominence in April 2020, ShinyHunters has claimed responsibility for a string of data breaches, including Tokopedia, Wattpad, Pixlr, Bonobos, BigBasket, Mathway, Unacademy, MeetMindful, and Microsoft's GitHub account, among others.
ShinyHunters has a checkered history of compromising websites and developer repositories to steal credentials or API keys to a company's cloud services, which are subsequently abused to gain access to databases and gather sensitive information to be resold for profit or published for free on hacker forums.
"ShinyHunters may not have as much notoriety as the ransomware groups that are currently causing havoc for enterprises all over the world. However, tracking actors like this are crucial to preventing your enterprise from being hit with such an attack," the researchers said.
"The information ShinyHunters gathers is often turned around and sold on the same underground marketplaces where ransomware actors use it to launch their own attacks. If enterprises can move to detect activity like ShinyHunters, they in turn can stop ransomware attacks before they are ever launched."