Source URL: https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/
Source: Krebs on Security
Title: ShinyHunters Wage Broad Corporate Extortion Spree
Feedly Summary: A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord user data, and for stealing terabytes of sensitive files from thousands of customers of the enterprise software maker Red Hat.
AI Summary and Description: Yes
Summary: The text discusses a significant threat posed by the cybercriminal group ShinyHunters, which has engaged in voice phishing to steal data from major corporations, including Salesforce and Red Hat. The group is now extorting these companies with threats to publish stolen data unless ransom is paid. This situation emphasizes the ongoing vulnerabilities in cloud services and the necessity for robust security protocols and comprehensive incident response strategies.
Detailed Description: The content highlights several critical incidents involving the cybercriminal group ShinyHunters, providing insights into their tactics and the implications for organizations reliant on cloud services. Key points include:
– **Cybercrime Tactics**:
  – ShinyHunters utilized voice phishing techniques to gain unauthorized access to Salesforce, stealing data from numerous customers.
  – A website has been launched threatening to expose sensitive data from various Fortune 500 companies if ransom demands are unmet.
– **Data Breaches Involved**:
  – The group claims responsibility for intrusions at Salesforce and Red Hat.
  – The stolen data includes sensitive files and customer engagement reports from Red Hat’s GitLab server, emphasizing the potential fallout for affected companies.
– **Ransom Demands and Extortion**:
  – The new blog “Scattered LAPSUS$ Hunters” lists companies with stolen data, including major players like Toyota and Disney, and outlines ransom demands.
– **Corporate Responses**:
  – Companies like Salesforce assert they will not negotiate with the hackers and are focused on strengthening their security measures.
  – Red Hat has begun notifying affected customers regarding the breach, underscoring the importance of communication in incident management.
– **Government and Law Enforcement Actions**:
  – The text notes ongoing investigations and prosecutions against members of the group and emphasizes the challenges law enforcement faces in combating cybercrime.
– **Implications for Cybersecurity**:
  – There is a heightened concern over vulnerabilities in enterprise systems, particularly with cloud services.
  – Organizations must adopt strategies such as Zero Trust architectures, regular security audits, and employee training to mitigate risks associated with social engineering tactics.
– **Emerging Threats**:
  – The re-emergence of cyber extortion underscores the need for organizations to stay vigilant against evolving threats, including the exploitation of zero-day vulnerabilities like those in Oracle’s E-Business Suite.
This analysis reveals the complex landscape of cyber threats faced by companies, particularly as cybercriminal tactics evolve. Therefore, it’s critical for security professionals to continuously update their defense strategies and comply with evolving regulations and standards to protect sensitive data.