ShinyHunters and Allied Groups Launch Broad Corporate Extortion Campaign Following Major Data Breaches

Source: Krebs on Security

In 2025, ShinyHunters conducted a sophisticated voice phishing attack compromising Salesforce customer data for dozens of Fortune 500 firms, including Toyota, Disney/Hulu, and FedEx. They then established an extortion website threatening to publicly release stolen records unless ransom payments are made. Additional attacks included a breach of Red Hat’s GitLab server containing customer engagement reports and a data breach affecting Discord users from a third-party service provider.

The criminal activity comprises an amalgamation of hacking groups known as Scattered LAPSUS$ Hunters, believed to combine Scattered Spider, Lapsus$, and ShinyHunters, operating in cybercriminal communities on Telegram and Discord. Victim companies are pressured for ransom payments, but some, such as Salesforce, have rejected negotiations, focusing instead on forensic investigations and cooperation with law enforcement. The extortion efforts and breaches also leverage exploited vulnerabilities such as Oracle’s CVE-2025-61882 zero-day.

The campaigns raise significant cybersecurity and reputational risks for affected companies, highlighting ongoing challenges in defending enterprise environments from increasingly aggressive cybercrime syndicates. Law enforcement agencies continue to prosecute key individuals, underscoring the transnational nature of these threats. Meanwhile, targeted malware infections, including advanced trojans with credential theft and remote control capabilities, further endanger organizations and security personnel working to mitigate these breaches.

👉 Read the original: Krebs on Security