Scattered Lapsus$ Hunters signal extortion-as-a-service shift and possible new ransomware testing
Threat Actor Meta
Summary
Hide ▲
Show ▼
Scattered Lapsus$ Hunters are signaling a move toward extortion-as-a-service (EaaS), a shift that could widen their reach while reducing direct attribution pressure. Observations from early October 2025 also point to testing of a possible ransomware build, SHINYSP1D3R, adding uncertainty about whether the group is expanding beyond pure extortion. The change matters because it could help the actors fly under the radar of law enforcement and reshape the wider The Com criminal ecosystem.
Related Happenings
ShinyHunters Oracle PeopleSoft data theft and extortion campaign
Campaign
H score60
First: 10.06.2026 21:31
Last: 10.06.2026 21:31
Sources 1
About this happening:
**ShinyHunters**/**UNC6240** used **CVE-2026-35273** in **Oracle PeopleSoft Enterprise PeopleTools** as a **zero-day** to break into exposed systems, steal data, and extort victim...
ShinyHunters Oracle PeopleSoft data theft and extortion campaign
CampaignAbout this happening: **ShinyHunters**/**UNC6240** used **CVE-2026-35273** in **Oracle PeopleSoft Enterprise PeopleTools** as a **zero-day** to break into exposed systems, steal data, and extort victim...
Latest development: 29.06.2026 23:40
Nissan says attackers exploited an Oracle PeopleSoft vulnerability in a ShinyHunters-linked campaign and that the company was specifically targeted, with personal information for current and former employees in the United States, Canada, Mexico, and Brazil potentially exposed. Nissan says the material may include employee contact information, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary information, and the company has activated incident response, engaged external cybersecurity experts, secured affected systems, and is working with Oracle.
Silent Ransom Group US law firm IT impersonation campaign
Campaign
H score36
First: 29.05.2026 16:00
Last: 29.05.2026 16:00
Sources 1
About this happening:
**Silent Ransom Group (SRG)**, also tracked as **UNC3753**, **Chatty Spider**, and **Luna Moth**, is running a **financially motivated data theft extortion campaign** against **do...
Silent Ransom Group US law firm IT impersonation campaign
CampaignAbout this happening: **Silent Ransom Group (SRG)**, also tracked as **UNC3753**, **Chatty Spider**, and **Luna Moth**, is running a **financially motivated data theft extortion campaign** against **do...
Charter Communications hit by network compromise linked to ShinyHunters
Incident
H score70
First: 26.05.2026 22:46
Last: 26.05.2026 22:46
Sources 1
About this happening:
**Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, with the company saying it is **alerting authorities** and that **no sensitive personal...
Charter Communications hit by network compromise linked to ShinyHunters
IncidentAbout this happening: **Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, with the company saying it is **alerting authorities** and that **no sensitive personal...
Latest development: 29.05.2026 11:29
Have I Been Pwned analyzed leaked Charter Communications data and confirmed that the incident affected 4.9 million accounts, with exposed records including names, email addresses, job titles, phone numbers, and physical addresses. The published data also included a subset of about 85,000 records from an internal employee directory.
Ransomware ecosystem fragments into smaller agile cells in 2025
Threat Actor Meta
H score48
First: 18.02.2026 13:30
Last: 18.02.2026 13:30
Sources 1
About this happening:
**Ransomware** activity in **2025** is becoming more fragmented and harder to track, with **124 groups** and **73 new groups** signaling a more crowded threat market. The shift ma...
Ransomware ecosystem fragments into smaller agile cells in 2025
Threat Actor MetaAbout this happening: **Ransomware** activity in **2025** is becoming more fragmented and harder to track, with **124 groups** and **73 new groups** signaling a more crowded threat market. The shift ma...
ShinyHunters data-leak site exposing stolen attack data
Data Leak
H score71
First: 31.01.2026 17:02
Last: 31.01.2026 17:02
Sources 1
About this happening:
The **ShinyHunters** extortion gang is publishing stolen data on a **data-leak site** tied to its broader **Oracle PeopleSoft** theft campaign. New reporting adds the **University...
ShinyHunters data-leak site exposing stolen attack data
Data LeakAbout this happening: The **ShinyHunters** extortion gang is publishing stolen data on a **data-leak site** tied to its broader **Oracle PeopleSoft** theft campaign. New reporting adds the **University...
Timeline
-
22.10.2025 11:30 2 articles · 8mo ago
Scattered Lapsus$ Hunters discuss EaaS and test SHINYSP1D3R
Technical Analysis UpdateTelegram posts made on October 4, 2025 show Scattered Lapsus$ Hunters discussing an extortion-as-a-service (EaaS) program and testing a new ransomware variant believed to be dubbed SHINYSP1D3R.
Show sources
- Scattered Lapsus$ Hunters Signal Shift in Tactics — www.infosecurity-magazine.com — 22.10.2025 11:30
- Scattered Lapsus$ Hunters Signal Shift in Tactics — www.infosecurity-magazine.com — 22.10.2025 11:30
-
22.10.2025 11:30 1 articles · 8mo ago
Scattered Lapsus$ Hunters set an October 10 ransom deadline and leak data
Victim Impact UpdateScattered Lapsus$ Hunters set 11:59 PM ET on October 10, 2025 as the ransom payment deadline, and data linked to at least six companies was released.
Show sources
- Scattered Lapsus$ Hunters Signal Shift in Tactics — www.infosecurity-magazine.com — 22.10.2025 11:30
-
22.10.2025 11:30 1 articles · 8mo ago
Scattered Lapsus$ Hunters say nothing else will be leaked
Victim Impact UpdateOn October 11, 2025, after the deadline passed and the six-organization data release had already occurred, Scattered Lapsus$ Hunters said "nothing else will be leaked".
Show sources
- Scattered Lapsus$ Hunters Signal Shift in Tactics — www.infosecurity-magazine.com — 22.10.2025 11:30