The cybercrime collective known as ShinyHunters has launched a widespread extortion campaign, targeting dozens of Fortune 500 companies with data stolen in a series of high-profile breaches. Operating under the banner “Scattered LAPSUS$ Hunters,” the group created a victim-shaming website to pressure corporations into paying ransoms.

The campaign’s roots trace back to a voice phishing attack that compromised Salesforce customers, siphoning over a billion records. The extortion site now lists prominent victims such as Toyota, FedEx, and Disney, threatening to leak their data unless Salesforce pays a collective ransom. Salesforce has publicly stated it will not negotiate or pay any demands.

Broad Scope of Breaches Revealed

Beyond the Salesforce incident, ShinyHunters has claimed responsibility for several other significant intrusions. The group announced it breached a Red Hat GitLab server, exfiltrating over 28,000 code repositories and sensitive customer engagement reports. Red Hat has since confirmed the compromise and is notifying affected clients.

Additionally, the hackers took credit for a breach at a third-party service provider for Discord, which exposed user data including emails, IP addresses, and government IDs submitted for age verification. The group also claims to possess authentication tokens stolen from Salesloft, threatening to extort hundreds more organizations.

Aggressive Tactics and Law Enforcement Action

The group’s aggressive methods include exploiting a critical zero-day vulnerability in Oracle’s E-Business Suite software and sending malware-laced emails to security researchers. These threatening messages contained the ASYNCRAT trojan, a backdoor capable of keylogging, file transfer, and credential theft.

Despite their audacity, law enforcement agencies are closing in. Prosecutors in the U.S. and U.K. have recently charged several alleged members of affiliated groups like Scattered Spider and LAPSUS$, some as young as 18, in connection with data theft and extortion schemes totaling millions of dollars.

Source: https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/