Find notable cyber news and cases, enriched with sources, timelines, and signals.

Scattered Lapsus Shiny Hunters' harassment-driven extortion operating model

Threat Actor Meta
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

Scattered Lapsus Shiny Hunters (SLSH) is now using a harassment-driven extortion model that pairs stolen data with swatting, threats, and publicity pressure, raising the stakes for victim firms. The group’s loosely organized, English-language structure appears tied to The Com, where rapid collaboration is offset by instability and infighting. That matters because victims cannot verify promises to delete stolen data, so paying can intensify coercion instead of ending it. The model also appears designed to extract information that can support later fraud operations.

Related Happenings

Business Email Compromise underground operating model and monetization ecosystem

Threat Actor Meta
H score29 First: 30.06.2026 17:00 Last: 30.06.2026 17:00 Sources 1

About this happening: **BEC** underground activity is expanding into a broader fraud-enablement ecosystem, raising the effectiveness and reach of invoice and payment fraud. Researchers observed actors...

Silent Ransom Group shifts from Conti-linked ransomware participation to standalone data-theft extortion

Threat Actor Meta
H score21 First: 07.06.2026 17:09 Last: 07.06.2026 17:09 Sources 1

About this happening: **Silent Ransom Group (UNC3753)** is a **standalone data-theft extortion** actor that has operated separately since **2022** after the **Conti** shutdown, using stolen data and le...

FIFA-themed phishing-as-a-service market selling scam kits and ticket-buying bots

Threat Actor Meta
H score42 First: 05.06.2026 10:01 Last: 05.06.2026 10:01 Sources 1

About this happening: A **FIFA-themed phishing-as-a-service market** is selling **ready-made scam kits** and **ticket-buying bots**, lowering the barrier for fraud operators and making takedowns less e...

Silent Ransom Group US law firm IT impersonation campaign

Campaign
H score36 First: 29.05.2026 16:00 Last: 29.05.2026 16:00 Sources 1

About this happening: **Silent Ransom Group (SRG)**, also tracked as **UNC3753**, **Chatty Spider**, and **Luna Moth**, is running a **financially motivated data theft extortion campaign** against **do...

Lucifer DaaS’s evolution into a commission-based drainer service platform

Threat Actor Meta
H score19 First: 21.05.2026 17:00 Last: 21.05.2026 17:00 Sources 1

About this happening: **Lucifer DaaS** has evolved into a **structured underground drainer platform**, shifting wallet theft from isolated phishing pages to a commission-based service model that scales...

Timeline

  1. 02.02.2026 18:15 2 articles · 5mo ago

    SLSH harassment-driven extortion model

    Technical Analysis Update

    Scattered Lapsus Shiny Hunters (SLSH) is described as a harassment-driven extortion gang that pressures victim organizations with phone-based phishing, victim-branded credential harvesting sites, swatting, DDoS, email floods, and threats against executives and their families while amplifying the intrusion in public Telegram channels; Mandiant said the latest attacks traced to incidents spanning early to mid-January 2026 involved operators posing as IT staff, directing employees to credential-harvesting sites to capture SSO credentials and MFA codes, and registering their own device for MFA.

    Show sources