banner1
Logo Blinking Image
banner2

HOME
Cyber Crime

ShinyHunters Targets Okta SSO with Vishing Attacks

by VARINDIA 2026-01-30
ShinyHunters Targets Okta SSO with Vishing Attacks

The ShinyHunters cybercrime group has launched an active and ongoing voice-phishing (vishing) campaign targeting more than 150 organizations worldwide, abusing human trust to bypass multi-factor authentication (MFA) and steal cloud credentials. The attacks focus heavily on enterprises using Okta single sign-on (SSO), a gateway to critical business systems.

ShinyHunters operators use sophisticated, real-time phishing kits powered by Socket.IO relays to impersonate trusted identity providers such as Okta, Microsoft, and Google. Victims receive convincing phone calls that create urgency—often posing as IT or security teams—prompting employees to disclose login credentials or approve MFA push requests. Once access is gained, attackers rapidly exfiltrate data from platforms like Microsoft 365, Salesforce, and Google Workspace before issuing extortion demands.

Security researchers estimate over 150 domains have been targeted, including organizations linked to Atlassian, Canva, Epic Games, HubSpot, Moderna, SoundCloud, WeWork, Crunchbase, and Betterment. The affected sectors span technology, finance, healthcare, and SaaS. Okta has warned that these phishing kits are now being sold “as a service,” dramatically lowering the barrier for large-scale abuse.

SSO platforms act as master keys, unlocking entire enterprise ecosystems—from email and CRM systems to collaboration tools. While MFA is widely deployed, ShinyHunters exploits human behavior, socially engineering users to approve access or bypass number-matching protections. Okta threat intelligence reports a sharp rise in vishing volumes as attackers adapt to stronger browser-based defenses.

Indian IT services firms and BPOs, including major Okta users, face heightened exposure under India’s DPDP Act, where breaches carry strict reporting and compliance obligations. The growing use of AI-powered deepfake voice attacks further amplifies the threat.

Experts recommend shifting from push-based MFA to FIDO2 passkeys, conducting regular vishing simulations, tightening Okta adaptive MFA policies, monitoring known indicators of compromise, and enforcing zero-trust segmentation.

ShinyHunters’ campaign underscores a stark reality: social engineering now outpaces technical exploits. As AI-driven vishing scales, enterprises must strengthen the human layer of cybersecurity as rigorously as their technology stack.

 
 
er

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
NETSCOUT Strengthens Resiliency and Responsiveness with Advanced Observability Features

NETSCOUT Strengthens Resiliency and Responsiveness with Advanced Observability Features

India emerges as global leader in identity security with MFA adoption nearing 90%

India emerges as global leader in identity security with MFA adoption nearing 90%

Kaspersky detected a scam exploiting OpenAI's teamwork features

Kaspersky detected a scam exploiting OpenAI's teamwork features

SOFTWARE
View All
ServiceNow Partners with Anthropic to enable trusted AI applications for enterprises

ServiceNow Partners with Anthropic to enable trusted AI applications for enterprises

HCLTech and Guardian partner to accelerate AI-driven technology transformation journey

HCLTech and Guardian partner to accelerate AI-driven technology transformation journey

Wipro and Factory to accelerate agent-native software development for enterprises

Wipro and Factory to accelerate agent-native software development for enterprises

START - UP
View All
FaceOff: The Data Lineage Company Towards Trusted, Secure and Privacy-First Data Ecosystems

FaceOff: The Data Lineage Company Towards Trusted, Secure and Privacy-First Data Ecosystems

Neokred CEO Rohith Reji secures consecutive Forbes 30 under 30 honors

Neokred CEO Rohith Reji secures consecutive Forbes 30 under 30 honors

12 Made-in-India Foundation Models Powering the India AI Impact Transformation

12 Made-in-India Foundation Models Powering the India AI Impact Transformation

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

wew
wrdf
Start-Up and Unicorn Ecosystem
New Relic unveils observability solution to monitor ChatGPT-powered apps

New Relic unveils observability solution to monitor ChatGPT-powered apps

AI Emerges as the Driving Force Behind Digital Growth

AI Emerges as the Driving Force Behind Digital Growth

AI Steps In as a New Frontline for Global Healthcare

AI Steps In as a New Frontline for Global Healthcare

Rupee Hits Record Low, but India’s Growth Story Stays Strong

Rupee Hits Record Low, but India’s Growth Story Stays Strong

Malaysia and Indonesia Prohibit Elon Musk’s Grok AI Over Explicit Material

Malaysia and Indonesia Prohibit Elon Musk’s Grok AI Over Explicit Material

AI Misuse Raises Red Flags Inside U.S. Cybersecurity Circles

AI Misuse Raises Red Flags Inside U.S. Cybersecurity Circles

The Darker Side of AI Dependence: Risks We Can No Longer Ignore

The Darker Side of AI Dependence: Risks We Can No Longer Ignore

Microsoft Races to Reinvent Copilot as Anthropic Gains Ground

Microsoft Races to Reinvent Copilot as Anthropic Gains Ground

China’s AI Supremacy Race: ByteDance vs Alibaba in a Flagship Showdown

China’s AI Supremacy Race: ByteDance vs Alibaba in a Flagship Showdown

Memcyco Raises $37M to Counter AI Impersonation Scams

Memcyco Raises $37M to Counter AI Impersonation Scams

dsf