Is Zendesk Scattered Lapsus$ Hunters’ Latest Campaign Target?

ReliaQuest identified a likely campaign by the Scattered Lapsus$ Hunters collective targeting Zendesk via 40+ typosquatted/impersonating domains and fraudulent tickets that host fake SSO pages to harvest credentials and deliver RATs; the activity mirrors prior attacks on Salesforce, Discord, and Gainsight and includes observable registry and infrastructure patterns, prompting mitigation guidance such as MFA, domain monitoring, and stricter Zendesk controls.