Scattered Lapsus$ Hunters may be circling Zendesk users for its latest extortion campaign, with new phishing domains and weaponized helpdesk tickets uncovered by ReliaQuest.

Researchers say they found more than 40 typosquatted and impersonation domains – names like "znedesk.com" or "vpn-zendesk.com" – designed to mirror Zendesk's portals over the past six months. Some host fake single sign-on (SSO) pages aimed at harvesting credentials, while others are used to submit fraudulent tickets to helpdesk staff.

All share common registration hallmarks – the same registrar (NiceNic), US or UK contact details, and Cloudflare-masked nameservers – a profile almost identical to that of a previous impersonation campaign targeting Salesforce. That similarity leads security watchers to suspect the same

See Full Page