{"id":181732,"date":"2026-01-26T12:01:00","date_gmt":"2026-01-26T17:01:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/26\/cybercrime-group-claims-credit-for-voice-phishing-attacks\/"},"modified":"2026-01-26T12:05:07","modified_gmt":"2026-01-26T17:05:07","slug":"cybercrime-group-claims-credit-for-voice-phishing-attacks","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/26\/cybercrime-group-claims-credit-for-voice-phishing-attacks\/","title":{"rendered":"Cybercrime group claims credit for voice phishing attacks"},"content":{"rendered":"

Cybercrime group claims credit for voice phishing attacks<\/a><\/p>\n

https:\/\/www.cybersecuritydive.com\/news\/cybercrime-group-voice-phishing-attacks-Okta\/810493\/<\/a><\/p>\n

Publish Date: 2026-01-26 12:01:00<\/a><\/p>\n

Source Domain: www.cybersecuritydive.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n

The cybercrime group ShinyHunters is claiming credit for at least five attacks related to a voice phishing campaign that previously was disclosed by security researchers at Okta.\u00a0
\nOkta warned Thursday that a social engineering campaign using custom phishing kits was targeting Google, Microsoft and Okta environments using voice phishing techniques.\u00a0
\nThe phishing kits were capable of intercepting user credentials and persuading targeted users to skip multifactor authentication.
\nSecurity researcher Alon Gal confirmed with Cybersecurity Dive that he was contacted by ShinyHunters last week with claims they had extorted at least three companies in connection with the voice phishing campaign. The claim involved three specific companies, however, Cybersecurity Dive is still working to confirm those claims with the companies.\u00a0
\nThe initial contact was made after a story posted on Bleeping Computer about the Okta disclosures. That report said Okta single sign-on accounts were targeted in the attacks.\u00a0
\nOn Monday, Gal said the claim now includes five companies.\u00a0
\nResearchers from Sophos told Cybersecurity Dive they are tracking a cluster of about 150 domains created in December and used in voice phishing campaigns leading to data theft and extortion demands.\u00a0<\/p>\n

\u201cWe can\u2019t confirm that they have all been used, but the threat actors are creating target-specific domains, themed to reflect single sign-on services and impersonating authentication providers like Okta,\u201d Rafe Pilling, director of threat intelligence at Sophos\u2019s Counter Threat Unit, told Cybersecurity Dive.\u00a0
\nResearchers at Google Threat Intelligence Group confirmed they are tracking the threat activity. They were unable to share details. A post by one of the researchers initially referenced the activity, but was later deleted.\u00a0
\nA Google spokesperson said neither Google nor any of its products were affected by the social engineering campaign.\u00a0
\nA representative for Okta said the company did not have any specific information on any investigation by Google researchers. The representative said if Google was looking into these attacks it would be at the request of a compromised organization, not from Okta.\u00a0
\n\u201cOkta Threat Intelligence routinely shares threat research to help companies protect against evolving social engineering techniques,\u201d the representative told Cybersecurity Dive in a statement. \u201cWhile Okta\u2019s platform and services remain secure, Okta is calling attention to these evolving techniques to help raise awareness and support stronger defenses for customers.\u201d
\nA spokesperson for Microsoft said the company had nothing to share at the moment, but would provide future updates, if warranted.<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Cybercrime group claims credit for voice phishing attacks https:\/\/www.cybersecuritydive.com\/news\/cybercrime-group-voice-phishing-attacks-Okta\/810493\/ Publish Date: 2026-01-26 12:01:00 Source Domain:…<\/p>\n","protected":false},"author":1,"featured_media":181733,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/tJcQND7y1Rub4sehryhr-z_s9Swzf3gMNfyNZxasokU\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy04MDgxNTc4MzIuanBn.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,25],"class_list":["post-181732","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/181732"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=181732"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/181732\/revisions"}],"predecessor-version":[{"id":181734,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/181732\/revisions\/181734"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/181733"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=181732"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=181732"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=181732"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}