Scattered Lapsus$ Hunters Take Aim At Zendesk Users

Nov. 27, 2025, 6:53 p.m.

Description

A new campaign potentially linked to the Scattered Lapsus$ Hunters group is targeting Zendesk users. Over 40 typosquatted Zendesk domains have been discovered, featuring organizations' names or brands. These domains host phishing pages designed to harvest credentials. The campaign also involves submitting fraudulent tickets to Zendesk portals, aiming to infect support staff with remote access trojans. This follows similar attacks on other SaaS platforms like Salesforce. Discord may already be a victim, having suffered a breach via its Zendesk-based support system. Organizations are advised to implement strong authentication measures, conduct domain monitoring, and secure Zendesk chat to mitigate risks.

Date

  • Created: Nov. 27, 2025, 2:13 p.m.
  • Published: Nov. 27, 2025, 2:13 p.m.
  • Modified: Nov. 27, 2025, 6:53 p.m.

Attack Patterns

  • Remote Access Trojans
  • Scattered Lapsus$ Hunters

Additional Information

  • Technology