"The nascent collective that combines three prominent cybercrime groups, Scattered Spider, LAPSUS$, and ShinyHunters, has created no less than 16 Telegram channels since August 8, 2025. "Since its debut, the group's Telegram channels have been removed and recreated at least 16 times under varying iterations of the original name - a recurring cycle reflecting platform moderation and the operators' determination to sustain this specific type of public presence despite disruption," Trustwave SpiderLabs, a LevelBlue company, said in a report shared with The Hacker News."
"Scattered LAPSUS$ Hunters (SLH) emerged in early August, launching data extortion attacks against organizations, including those using Salesforce in recent months. Chief among its offerings is an extortion-as-a-service (EaaS) that other affiliates can join to demand a payment from targets in exchange for using the "brand" and notoriety of the consolidated entity. All three groups are assessed to be affiliated with a loose-knit and federated cybercriminal enterprise referred to as The Com that's marked by "fluid collaboration and brand-sharing.""
Scattered Spider, LAPSUS$, and ShinyHunters formed a consolidated collective that created at least 16 Telegram channels beginning August 8, 2025, which were repeatedly removed and recreated. The collective branded itself Scattered LAPSUS$ Hunters (SLH) and launched data extortion attacks against organizations, including targets using Salesforce. The group offers extortion-as-a-service that allows affiliates to demand payments in exchange for using the consolidated brand and notoriety. Affiliations exist with a federated enterprise called The Com and adjacent clusters such as CryptoChameleon and Crimson Collective. Telegram functions as the primary coordination and publicity platform, using hacktivist-like visibility and administrative signatures to imply organized command.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]