English-Speaking Hacking Group Launches Website to Extort Victims
A well-known hacking group, primarily English-speaking, has recently set up a website to extort its targets. The group threatens to release approximately one billion records stolen from companies that store customer data in cloud databases hosted by Salesforce.
This loosely organized group, previously identified as Lapsus$, Scattered Spider, and ShinyHunters, has unveiled a dedicated data leak site on the dark web named Scattered LAPSUS$ Hunters.
The website was first detected by threat intelligence researchers on Friday and was reviewed by DailyTech. Its primary goal is to coerce victims into paying the hackers to prevent the publication of their stolen data online.
The site’s message reads, “Contact us to regain control of data governance and prevent the public disclosure of your data. Do not become the next headline. All communications require strict verification and will be handled with discretion.”
In recent weeks, the ShinyHunters gang has allegedly infiltrated numerous high-profile companies by breaching their cloud-based databases hosted by Salesforce.
Several prominent companies, including Allianz Life, Google, Kering, Qantas, Stellantis, TransUnion, and Workday, have confirmed that their data was compromised in these large-scale cyberattacks.
The hackers’ leak site lists various alleged victims, such as FedEx, Hulu (owned by Disney), and Toyota Motors, none of which responded to inquiries on Friday.
It remains unclear whether companies that were hacked but not mentioned on the hackers’ leak site have paid a ransom to prevent the publication of their data. A representative from ShinyHunters did not respond promptly to DailyTech’s message.
The hackers mention Salesforce at the top of the site and demand that the company engage in ransom negotiations, warning that otherwise, “all your customers’ data will be leaked.” The message’s tone suggests that Salesforce has not yet interacted with the hackers.
A spokesperson for Salesforce did not address DailyTech’s outreach or queries regarding the breach.
For weeks, security experts have speculated that the group, which has traditionally avoided a public online presence, was planning to launch a data leak site to extort its victims.
Historically, such websites have been linked to foreign ransomware gangs, often Russian-speaking. These organized cybercrime groups have shifted from stealing and encrypting data and privately demanding a ransom to threatening to publish stolen data unless payment is made.