Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Hacking league responsible for multiple high-profile hacks says it is going “gentle into that good night”.
In a long, slightly rambling – and often esoteric – message posted to a URL linked to a popular hacking forum, the Scattered Lapsus$ Hunters hacking group has announced its retirement.
“As you know, the last weeks have been hectic,” a spokesperson for the group said.
“Whilst we were diverting you, the FBI, Mandiant, and a few others by paralysing Jaguar factories, (superficially) hacking Google 4 times, blowing up Salesforce and CrowdStrike defences, the final parts of our contingency plans were being activated.”
The anonymous spokesperson said that the group's behaviour had recently “evolved,” and that it had not entirely been following through on many of its network intrusions of late, leaving its victims wondering if their data would be actively compromised.
“Will Kering, Air France, American Airlines, British Airlines, and among many other critical infrastructure face a data breach? I'd wonder too if I was them, as they know some have yet to receive any demand for ransom – or anything else,” the spokesperson said.
“Are their data currently being exploited, whilst US, UK, AU, and French authorities fill themselves with the illusions they have gotten the situation under control?”
The listed airlines were all thought to have been victims of ShinyHunters, alongside Australia’s own national carrier, Qantas, while Kering appears to be a relatively new victim. According to reporting from DataBreaches.net, Kering – which owns luxury brands such as Gucci, Balenciaga, and Alexander McQueen – was recently revealed as a victim of a ShinyHunters attack some time in 2024.
“When did Balenciaga, Brioni, Alexander McQueen or Kering first discover this breach, and how did they first discover it? Kering has yet to disclose that,” ShinyHunters recently told DataBreaches.net.
“How many customers were affected? How many have been notified? Kering has yet to disclose that, either.”
Scattered Lapsus$ Hunters farewell note – assuming it’s legitimate – goes on to say that the names of its members may well appear in relation to future data breach disclosures, but said “that does not mean we are still active”.
The spokesperson then went on to address recent arrests of hackers allegedly linked to the group.
“We want to share a thought for the eight people that have been raided or arrested in relations [sic] to these campaigns, Scattered Spider and/or ShinyHunters groups since beginning of April 2024 and thereaftert [sic] 2025, and especially to the four who are now in custody in France,” the note says, referring to four recent arrests.
“We want to expand our regrets to their relatives, and apologise for their sacrifice. Any State needs its scapegoat. Those carefully selected targets are the last collateral victims of our war on power, and the use of our skills to humiliate those who have humiliated, predate those who have predated. We have ensure that the investigations targeting them will progressively fall apart, and that their mild vanity peccati will not inflict on them, long term consequences.”
Pecatti is the Italian word for ‘sins’.
The spokesperson alluded that those arrested will not face any “serious liability” and that they were effectively set up to take a fall for the group.
“We've learnt this from the best. This fine, funambulist equilibrium, so few are capable of reaching. Those techniques are taught every day at Langley,” the spokesperson said.
That, the note contends, is the “last lesson” the group wants to teach, and that it will not try to help those arrested, and that the group – “LAPSUS$, Trihash, Yurosh, Kurosh, Clown, IntelBroker, Scattered Spider, Yukari, and among many others” – is “going dark”.
“If you worry about us, don't. The most stupid (Yurosh, Intel) will enjoy our golden parachutes with the millions the group accumulated. Others will keep on studying and improving systems you use in your daily lifes. In silence,” the spokesperson said.
“Others finally will just go gentle into that good night.”
A poetic end to a short-lived hacking super-group, or yet another smokescreen to obscure their operations? Watch this space.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
