Scattered LAPSUS$ Hunters shifts from borrowed encryptors to ShinySp1d3r RaaS
Threat Actor Meta
Summary
Hide ▲
Show ▼
Scattered LAPSUS$ Hunters (SLSH) has shifted from using other gangs’ encryptors to launching ShinySp1d3r, giving the group its own ransomware-as-a-service brand and greater control over extortion operations. The group is widely described as an amalgam of Scattered Spider, LAPSUS$, and ShinyHunters, so the move reflects a broader ecosystem consolidation rather than a single-ransomware pivot. The change can strengthen affiliate recruitment, monetization, and operational autonomy across a wider victim base.
Related Happenings
Vect and TeamPCP industrialize ransomware through a supply-chain credential-theft alliance
Threat Actor Meta
H score67
First: 03.07.2026 14:30
Last: 03.07.2026 14:30
Sources 1
About this happening:
**Vect** and **TeamPCP** formed a new **ransomware-as-a-service** partnership that combines **supply-chain credential theft** with extortion, expanding the risk of follow-on attac...
Vect and TeamPCP industrialize ransomware through a supply-chain credential-theft alliance
Threat Actor MetaAbout this happening: **Vect** and **TeamPCP** formed a new **ransomware-as-a-service** partnership that combines **supply-chain credential theft** with extortion, expanding the risk of follow-on attac...
The Gentlemen ransomware group’s 90/10 RaaS model and rapid victim growth
Threat Actor Meta
H score26
First: 10.06.2026 17:03
Last: 10.06.2026 17:03
Sources 1
About this happening:
**The Gentlemen** ransomware group has become a high-volume **RaaS** operation, using a **90/10 affiliate split** to attract operators and expand its reach. The group now ranks as...
The Gentlemen ransomware group’s 90/10 RaaS model and rapid victim growth
Threat Actor MetaAbout this happening: **The Gentlemen** ransomware group has become a high-volume **RaaS** operation, using a **90/10 affiliate split** to attract operators and expand its reach. The group now ranks as...
Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion
Threat Actor Meta
H score21
First: 07.06.2026 17:09
Last: 07.06.2026 17:09
Sources 1
About this happening:
**Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...
Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion
Threat Actor MetaAbout this happening: **Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...
Silent Ransom Group US law firm IT impersonation campaign
Campaign
H score36
First: 29.05.2026 16:00
Last: 29.05.2026 16:00
Sources 1
About this happening:
**Silent Ransom Group (SRG)**, also tracked as **UNC3753**, **Chatty Spider**, and **Luna Moth**, is running a **financially motivated data theft extortion campaign** against **do...
Silent Ransom Group US law firm IT impersonation campaign
CampaignAbout this happening: **Silent Ransom Group (SRG)**, also tracked as **UNC3753**, **Chatty Spider**, and **Luna Moth**, is running a **financially motivated data theft extortion campaign** against **do...
The Gentlemen affiliate-driven RaaS expansion and enterprise scale-up
Threat Actor Meta
H score57
First: 21.04.2026 17:00
Last: 21.04.2026 17:00
Sources 1
About this happening:
**The Gentlemen** ransomware-as-a-service operation is using an operator-maintained **EDR-killer** portfolio, led by **GentleKiller**, to disable security software before encrypti...
The Gentlemen affiliate-driven RaaS expansion and enterprise scale-up
Threat Actor MetaAbout this happening: **The Gentlemen** ransomware-as-a-service operation is using an operator-maintained **EDR-killer** portfolio, led by **GentleKiller**, to disable security software before encrypti...
Timeline
-
26.11.2025 19:22 2 articles · 7mo ago
Scattered LAPSUS$ Hunters launches ShinySp1d3r ransomware-as-a-service
Campaign Scope UpdateScattered LAPSUS$ Hunters announced a new ransomware-as-a-service operation called ShinySp1d3r, marking a shift from its earlier pattern of using encryptors from other ransomware families such as ALPHV/BlackCat, Qilin, RansomHub, and DragonForce. The move gives the group a branded ransomware offering it can package, recruit around, and use for extortion operations.
Show sources
- Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’ — krebsonsecurity.com — 26.11.2025 19:22
- Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’ — krebsonsecurity.com — 26.11.2025 19:22