THREAT OPS › Threat News › Defending SaaS-based applications against ShinyHunters OAuth abuse
Defending SaaS-based applications against ShinyHunters OAuth abuse
<aside class="table-of-contents-block accordion wp-block-bloginabox-theme-table-of-contents" id="accordion-47157a72-58e0-48a9-a22b-693a091296cc"> <button class="btn btn-collapse" type="button"> <span class="table-of-contents-block__label">In this article</span> <span class="table-of-contents-block__current"></span>
<svg class="table-of-contents-block__arrow" fill="none" height="11" viewBox
MITRE ATT&CK techniques
- IP AddressesT1590.005
- Supply Chain CompromiseT1195
- Exfiltration Over Web ServiceT1567
- Web ServiceT1102
- Steal Application Access TokenT1528
- Credential StuffingT1110.004
- Spearphishing VoiceT1566.004
- Social MediaT1593.001
- Customer Relationship Management SoftwareT1213.004
- CredentialsT1589.001
- Cloud Application IntegrationT1671
- Data from Information RepositoriesT1213
- Application Access TokenT1550.001
- Data from Information RepositoriesAML.T0036
- Application Access TokenAML.T0091.000
Indicators of compromise
- https://trust.salesloft.com/a/659c728a-e351-4d28-a690-7395f99cdc80?lng=enurl
- https://www.gainsight.com/blog/supporting-our-customers-and-community-an-update-on-the-recent-security-advisory-related-to-gainsight/url
- https://klue.com/blog/an-update-on-recent-klue-security-incidenturl
- https://www.salesforce.com/platform/shield/url
- https://www.salesforce.com/blog/data-breach-prevention-strategy/url
- https://www.salesforce.com/blog/protecting-your-data-essential-actions-to-secure-experience-cloud-guest-user-access/url
- https://help.salesforce.com/s/articleView?id=005229030&type=1url
- https://microsoft.github.io/zerotrustassessment/url
- 138.226.246.94ipv4
- 212.86.125.24ipv4
- 213.111.148.90ipv4
- 94.154.32.160ipv4
- 103.75.11.78ipv4
- 103.75.11.110ipv4