216.73.216.170

Scattered Lapsus$ Hunters Take Aim At Zendesk Users

· Published 27/11/2025 14:13 · Modified 21/12/2025 18:08

Export JSON

Essential information

Published
27/11/2025 14:13
Modified
21/12/2025 18:08
Tags
2025-11-27 credential harvesting customer service phishing remote access trojans saas platforms typosquatting zendesk
Related entities
1 intrusion sets (apt), 6 techniques (mitre), 1 malware, 3 others

Description

A new campaign potentially linked to the Scattered Lapsus$ Hunters group is targeting users. Over 40 typosquatted domains have been discovered, featuring organizations' names or brands. These domains host pages designed to harvest credentials. The campaign also involves submitting fraudulent tickets to portals, aiming to infect support staff with . This follows similar attacks on other like Salesforce. Discord may already be a victim, having suffered a breach via its -based support system. Organizations are advised to implement strong authentication measures, conduct domain monitoring, and secure chat to mitigate risks.

External references