PULSE NAME
The Next Target of Scattered LAPSUS$ Hunters Zendesk
WHITE Nordic PetrP.73 2025-12-05 Modified: 2025-12-05
Recent investigations by ReliaQuest have identified a series of suspicious domains related to Zendesk, including over 40 typosquatted variations and impersonating URLs such as http://znedesk.com and http://vpn-zendesk.com. This domain registration pattern is associated with a ransomware group known as Scattered LAPSUS$ Hunters (SLSH), which has previously targeted various sectors, including SaaS platforms like Salesforce, along with the retail, insurance, and aviation industries. SLSH attacks combine social engineering techniques with phishing campaigns, which often involve typosquatted domains. To make these campaigns more effective, the threat actors employ tools like Evilginx to circumvent multifactor authentication (MFA), thereby gaining unauthorized access to sensitive accounts and systems.
Indicators of Compromise (6)
TYPE    INDICATOR               DESCRIPTION  CREATED
domain  company-okta.com        -            2025-12-05
domain  company-salesforce.com  -            2025-12-05
domain  reliaquest.com          -            2025-12-05
domain  ticket-companyname.com  -            2025-12-05
domain  vpn-zendesk.com         -            2025-12-05
domain  znedesk.com             -            2025-12-05