- ShinyHunters threaten ZenBusiness with deadline to leak stolen data
- Group likely accessed internal company files via vishing and platform compromise
- ZenBusiness joins long list of ShinyHunters victims, including Infinite Campus, Telus, and Crunchyroll
The infamous ShinyHunters ransomware actors have given ZenBusiness one “final warning” before leaking terabytes of stolen data.
Cybernews reported ShinyHunters added ZenBusiness to its data leak site and gave a deadline of March 25 to receive a ransom payment or leak data and create “several annoying (digital) problems” for the company.
ZenBusiness is a US-based platform that helps entrepreneurs launch and run small businesses, offering LLC formation, compliance, and back-office tools. Its customers are freelancers, startups, and small business owners, and it generates an estimated $75 million in annual revenue.
Dulling the competitive blade
For the past year, ShinyHunters have been an incredibly active threat actor. Security researchers said the group often engages in vishing (voice phishing), calling employees at target companies and posing as IT security staff.
In these calls, they are asking for remote access to their targets’ devices, in order to “fix a problem” or sort a 2FA issue.
After being granted the access, they often access different platforms such as Salesforce or Snowflake, through which they are able to exfiltrate sensitive data and then extort the victims for money. While neither side confirmed the nature of the data stolen, security researchers from Cybernews said the files were “probably internal company data.”
“The hackers [...] could potentially reveal customer or employee information such as PII, the type of businesses that were set up with the platform,” the researchers said in a press release shared with TechRadar Pro.” The breach could expose internal company operations as well, which can reduce ZenBusiness’s competitive advantage.”
ZenBusiness is just the next in a long line of ShinyHunters victims. Just two days ago, it was reported that 11 million people were affected after the group stole files from Infinite Campus, and before that it was Telus Digital, Wynn Resorts, Crunchyroll, and many others.
