Unauthorized access to Workday's CRM system: Hackers steal business contact data using social engineering techniques
A trio of cybercrime gangs - Scattered Spider, ShinyHunters, and Lapsus$ - have reportedly formed an alliance, sharing stolen data and vendor lists and breaching networks to extort payments from businesses. This collaboration has seen these groups target well-known companies such as Victoria's Secret, Gucci, Chanel, and Neiman Marcus, as well as government agencies in the US, England, France, Brazil, and India [1].
The gangs have also announced plans for a ransomware-as-a-service (RaaS) operation named "ShinySpider," claiming exceptionally fast encryption speeds for data-locking malware [1]. Separately, ransomware gangs like Chaos RaaS, which emerged from members of the dismantled BlackSuit gang, focus primarily on US targets through big-game hunting and double extortion [2].
Their methods include social engineering via spam and voice calls, abuse of remote management tools, and multi-threaded selective encryption designed to evade detection and maximize damage. They demand significant ransoms, such as $300,000, and provide detailed penetration reports upon payment [2].
In addition to digital collaboration between crime gangs, there is a growing convergence of cyber and physical criminal tactics. Drug cartels and mafias use cryptocurrencies to launder money and may collaborate with ransomware groups to enforce extortion through physical threats or violence, increasing the complexity and severity of attacks [3].
Ransomware groups are also leveraging AI-driven techniques to enhance social engineering (e.g., CEO impersonation through deepfakes in business email compromise) and exploit collaboration platforms to bypass defenses. Attackers have shifted tactics over the first half of 2025 toward more phishing and targeted social engineering attacks rather than traditional malware blitzes [4].
Competition and collaboration dynamics among ransomware gangs are fluid. For example, after the takedown of some groups like LockBit and RansomHub, others such as Qilin and DragonForce have moved to recruit their affiliates and expand operations, sometimes integrating new capabilities like DDoS or negotiation consulting [5].
Workday Data Breach
Recently, Workday, a leading provider of cloud-based financial management and human resources software, has informed its customers and partners about a sophisticated social engineering scam. The attackers posed as HR or IT personnel to gain access to one of Workday's third-party CRM platforms, obtaining "some information" from the unnamed system [6].
However, all signs show that Workday's customers' data remains secure, and there was no indication that customer data stored inside Workday's flagship SaaS apps was obtained [6]. The attackers' loot appears to be limited primarily to commonly available business contact information, such as names, email addresses, and phone numbers [6].
Workday acted quickly to cut the access and added extra safeguards to protect against similar incidents in the future [6]. The company has also adopted additional security measures internally to protect its own employees [6].
In conclusion, the collaboration between cybercrime gangs and the convergence of cyber and physical tactics pose a significant threat to businesses and governments worldwide. It is essential for organisations to stay vigilant, adopt robust security measures, and stay informed about the latest threats and attack patterns to protect themselves effectively.
[1] [Source 1]
[2] [Source 2]
[3] [Source 3]
[4] [Source 4]
[5] [Source 5]
[6] [Source 6]