Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Scattered Lapsus$ Hunters signal extortion-as-a-service shift and possible new ransomware testing

Threat Actor Meta
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

Scattered Lapsus$ Hunters are signaling a move toward extortion-as-a-service (EaaS), a shift that could widen their reach while reducing direct attribution pressure. Observations from early October 2025 also point to testing of a possible ransomware build, SHINYSP1D3R, adding uncertainty about whether the group is expanding beyond pure extortion. The change matters because it could help the actors fly under the radar of law enforcement and reshape the wider The Com criminal ecosystem.

Related Happenings

Charter Communications hit by network compromise linked to ShinyHunters

Incident
First: 26.05.2026 22:46 Last: 26.05.2026 22:46 Sources 1

About this happening: **Charter Communications** confirmed a **data breach** tied to **ShinyHunters** extortion, raising the risk of customer-data exposure and active follow-on pressure. The company sa...

Open Happening

Ransomware ecosystem fragments into smaller agile cells in 2025

Threat Actor Meta
First: 18.02.2026 13:30 Last: 18.02.2026 13:30 Sources 1

About this happening: **Ransomware** activity in **2025** is becoming more fragmented and harder to track, with **124 groups** and **73 new groups** signaling a more crowded threat market. The shift ma...

Open Happening

ShinyHunters data-leak site exposing stolen attack data

Data Leak
First: 31.01.2026 17:02 Last: 31.01.2026 17:02 Sources 1

About this happening: The **ShinyHunters** extortion gang launched a **data-leak site**, beginning to publish data tied to the theft campaign and raising the exposure risk for victims.

Open Happening

Rising encryptionless extortion incidents against enterprises in 2025

Target Trend
First: 15.01.2026 17:45 Last: 15.01.2026 17:45 Sources 1

About this happening: **Encryptionless extortion** surged in **2025** as attackers increasingly skipped ransomware encryption and instead stole data to pressure victims across **enterprise environments...

Open Happening

DragonForce rebrands as a ransomware cartel and expands its affiliate model

Threat Actor Meta
First: 03.12.2025 17:05 Last: 03.12.2025 17:05 Sources 1

About this happening: **DragonForce** rebranded itself as a **ransomware cartel** in **2025**, widening its affiliate model and lowering entry barriers for new operators. The shift matters because the...

Open Happening

Timeline

  1. 22.10.2025 11:30 2 articles · 7mo ago

    Scattered Lapsus$ Hunters discuss EaaS and test SHINYSP1D3R

    Technical Analysis Update

    Telegram posts made on October 4, 2025 show Scattered Lapsus$ Hunters discussing an extortion-as-a-service (EaaS) program and testing a new ransomware variant believed to be dubbed SHINYSP1D3R.

    Show sources
    Open in new tab
  2. 22.10.2025 11:30 1 articles · 7mo ago

    Scattered Lapsus$ Hunters set an October 10 ransom deadline and leak data

    Victim Impact Update

    Scattered Lapsus$ Hunters set 11:59 PM ET on October 10, 2025 as the ransom payment deadline, and data linked to at least six companies was released.

    Show sources
    Open in new tab
  3. 22.10.2025 11:30 1 articles · 7mo ago

    Scattered Lapsus$ Hunters say nothing else will be leaked

    Victim Impact Update

    On October 11, 2025, after the deadline passed and the six-organization data release had already occurred, Scattered Lapsus$ Hunters said "nothing else will be leaked".

    Show sources
    Open in new tab