Threats Tagged 'saas abuse'
View all threats tagged with 'saas abuse'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'saas abuse'
Click on any threat for detailed analysis and mitigation recommendations
Operation Fake KickOff: Attackers Abuse Recruiters and SaaS to Harvest Work Credentials 0 Operation Fake KickOff is a sophisticated phishing campaign active since April 2025 that abuses legitimate SaaS platforms and cloud services to steal corporate credentials. The attackers impersonate human resources consulting firms, notably Robert Half Inc. and Aquent LLC, using 232 phishing domains and 80 command-and-control servers. They send emails via trusted platforms like Salesforce, SendGrid, and Zoho, directing victims to fake Calendly interview pages. The campaign employs an adversary-in-the-middle toolkit with browser-in-the-box techniques to create convincing Google sign-in replicas that harvest credentials and bypass multi-factor authentication (MFA) methods including email, SMS, Google Authenticator, and prompt notifications. The operation targets corporate email accounts exclusively, excluding personal email providers, and exfiltrates stolen data to Render-hosted servers and Telegram bots. Join the discussion | AlienVault OTX General | 07/15/2026, 20:49:51 UTC Added: 07/15/2026, 22:03:24 UTC |
Showing 1 to 1 of 1 result