Vishing and SSO Abuse in Rapid Extortion Attacks

Colleagues, a cybersecurity alert: groups are conducting rapid extortion attacks within SaaS.
- CrowdStrike, Mandiant and Unit 42 describe Cordial Spider and Snarky Spider clusters using vishing and AiTM pages to intercept SSO.
- Attackers phish MFA, register new devices, delete notifications and escalate privileges to access Google Workspace, SharePoint, Salesforce.
- Operations inside trusted SaaS reduce traces and accelerate exfiltration — leaks can begin in under an hour.
Why it matters: compromising the IdP grants access to all connected services — protect SSO and MFA, and train staff.
What measures do you prioritise to protect SSO?
#cybersecurity #SaaS #SSO #vishing


Latest comments
No comments yet.