Zendesk Targeted in New Lapsus$ Hunters Campaign
Introduction:
Recent intelligence from ReliaQuest indicates that the Scattered Lapsus$ Hunters group is targeting Zendesk users through a sophisticated extortion campaign. Over 40 typosquatted and impersonation domains linked to this operation have been identified, posing serious threats to enterprise security.
Key Details:
- Who: ReliaQuest researchers
- What: Discovery of over 40 malicious domains mimicking Zendesk to compromise user accounts, and of fake helpdesk tickets being submitted.
- When: Recent findings from the past six months.
- Where: Globally, targeting organizations using Zendesk’s services.
- Why: The campaign aims to exploit trust in helpdesk systems to gain unauthorized access to sensitive information.
- How: Attackers are using phishing techniques along with tickets processed through genuine Zendesk portals to deploy remote-access trojans (RATs).
Why It Matters:
This ongoing threat impacts several areas of IT infrastructure:
- Enterprise Security: Organizations relying on Zendesk must reassess their security protocols to defend against identity-based attacks.
- Helpdesk Operations: The impersonation of helpdesk systems could lead to unauthorized access, making it essential to validate ticket submissions.
- Data Protection: Any breach could expose sensitive customer data, giving attackers the potential to exploit stolen information.
- Operational Integrity: The risk highlights the need for tighter controls in SaaS tools that handle customer relationships.
Takeaway:
IT managers and system administrators should enhance their security practices by educating staff about phishing tactics and implementing stronger validation protocols for helpdesk processes. Monitoring logs and utilizing multi-factor authentication are crucial next steps.