Unauthorized Access to Workday's CRM: Hackers Steal Business Contact Information through Social Engineering Tactics
In a concerning development, cybercrime gangs Scattered Spider, ShinyHunters, and Lapsus$ have reportedly formed a collaboration, operating under the name "Scattered LAPSUS$ Hunters" in a shared Telegram channel. This alliance is said to be coordinating attacks on high-profile targets, including luxury brands like Victoria's Secret, Gucci, and Chanel, government agencies in various countries, and even the US Department of Homeland Security [1].
The collaboration involves stealing data from businesses' networks and extorting payments, and includes the development of a ransomware-as-a-service (RaaS) tool called "ShinySpider" or "ShinySp1d3r", boasting encryption speeds of up to 1 GB per second [1].
At present, however, no public reports indicate that the Workday CRM platform has been compromised as part of these activities. The major documented activities involve retail chains, government bodies, and luxury brands, with no direct reference to Workday [1][2][5].
Recently, Workday admitted that attackers had gained access to one of its third-party CRM platforms. The company acted quickly to cut off the access and added extra safeguards to protect against similar incidents in the future. The attackers posed as HR or IT personnel to gain access to the CRM platform, and the loot appears to be limited to commonly available business contact information, such as names, email addresses, and phone numbers [5].
There is no indication that customer data stored inside Workday's flagship SaaS apps was obtained. Separately, the UK government is actively trying to curb ransomware payments, and other ransomware groups such as Akira, Clop, Qilin, and RansomHub remain highly active but are not noted as collaborating with Scattered Spider et al. [2][4].
Workday has informed its customers and partners so they can protect themselves from similar campaigns. The trend toward cybercrime gangs potentially collaborating with violent organized crime groups is emerging but not yet concretely established [3].
In summary, while these gangs are jointly targeting multiple high-profile entities, the Workday CRM platform breach is not currently reported as part of their activities. All signs indicate that customer data held in Workday remains secure.