VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

Vishing and SSO Abuse in Rapid Extortion Attacks

Вишинг и злоупотребление SSO в быстрых вымогательских атаках

Colleagues, a cybersecurity alert: groups are conducting rapid extortion attacks within SaaS.

- CrowdStrike, Mandiant and Unit 42 describe Cordial Spider and Snarky Spider clusters using vishing and AiTM pages to intercept SSO.
- Attackers phish MFA, register new devices, delete notifications and escalate privileges to access Google Workspace, SharePoint, Salesforce.
- Operations inside trusted SaaS reduce traces and accelerate exfiltration — leaks can begin in under an hour.

Why it matters: compromising the IdP grants access to all connected services — protect SSO and MFA, and train staff.

What measures do you prioritise to protect SSO?

#cybersecurity #SaaS #SSO #vishing

Latest comments

No comments yet.