ShinyHunters forms hacking supergroup with Scattered Spider, teases major leaks

Notorious hacking group ShinyHunters has confirmed that it is working with infamous hacking collective Scattered Spider, alongside Lapsus$, and has teased a massive number of leaks following its major Salesforce hacking campaign.

ShinyHunters revealed over the weekend that it was working with two other threat actors - Scattered Spider and Lapsus$, confirming Cyber Daily’s suspicion that there was overlap between ShinyHunters and Scattered Spider.

"They provide us with initial access and we conduct the dump and exfiltration of the Salesforce CRM instances. Just like we did with Snowflake," said ShinyHunters regarding Scattered Spider.

The groups formed a Telegram channel named "ScatteredLapsuSp1d3rHunters", in which they taunted cyber professionals, law enforcement and journalists, while also teasing leaks for a number of major organisations.

While the Telegram channel has been taken down, FalconFeeds.io observed that data from Cartier, Chanel, Gucci, Subaru, Qantas, WestJet, Victoria’s Secret, Zomato, Royal Dutch Airlines, Coinbase, Aflac, Erie Insurance, Banco Santander and many more would potentially be leaked. Based on screenshotted messages, the group says it has 91 victims.

The group also said it had breached several governments and government agencies, including the US Department of Homeland Security, the UK Ministry of Justice and a number of agencies in France, Brazil, India and England.

Lapsus$ specifically threatened the Ministry of Justice, demanding the release of “Jared Antwon and all the other fallen soldiers of Lapsus$” and saying that it would otherwise “leak all the github repositories and the legal aid…database”.

The group also leaked a database of Allianz Life, which it said was already available for free online.

“This is a public database that’s available for free online via searching the internet, this is not private records, the meaning of ‘leak’ in this context is to give a download link to make it accessible,” the group wrote.

According to BleepingComputer, the files contained database tables for Allianz Life ‘Accounts’ and ‘Contacts’ and together contained 2.8 million records pertaining to customers and business partners.

Within this were names, addresses, dates of birth, phone numbers, Tax ID numbers as well as other business information and professional data. BleepingComputer says it has verified the data as accurate.

Similarly, the group leaked a Salesforce database of Coca Cola’s Europacific partners, which once again it said was already publicly accessible and free.

A new ransomware supergroup

The mass leak performed by ShinyHunters, now Scattered Lapsu$ Hunters, is nothing new for the former threat actor, which performed similar mass leaks during a Snowflake cyber campaign.

The group also told BleepingComputer that the Salesforce campaign is ongoing, meaning new victims not yet known about are likely to appear, just as many were revealed in the Telegram channel.

A number of these victims were believed to have been breached by Scattered Spider, before experts began attributing the attacks to Scattered Spider, leading to Cyber Daily suspecting that a connection had been established between the two, particularly as the companies breached had not been publicly disclosed by the threat actor, a staple of both organisations.

The group also appears to be taking the cross threat actor alliance to a new level, now advertising a new Ransomware-as-a-Service (RaaS) called “SHINYSP1D3R”, which it claims to be better than rival RaaS offerings.

The group specifically called out LockBit and DragonForce, and heavily pushed their claimed access to an inventory of 0-day and 1-day vulnerabilities.

“DRAGONFORCE AND LOCKBIT IS NOTHING COMPARED TO SHINYSP1D3R UPCOMING RAAS!!!!!!!!!!!!!,” the group said.

In just a few days, Scattered Lapsu$ Hunters has captured the media's attention and made a huge impact on the current cybercrime market, showing off the massive power it has and the huge list of victims it has already affected. They have marketed themselves as the new powerhouse in ransomware and cybercrime, and seem to be able to back that up.

However, with all this gloating and marketing comes major interest from law enforcement, and their failure to lie low may see global law enforcement forces gear up to take on the new big bad wolf.

All three organisations have had members arrested for their activity, most notably ShinyHunters, which had a key member from notorious hacking forum BreachForums arrested in June.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.