Cybercrime Gangs Unite: Scattered Spider, ShinyHunters, and Lapsus$ Join Forces

Three infamous cybercrime collectives—Scattered Spider, ShinyHunters, and Lapsus$—appear to have teamed up in a new Telegram channel called ’Scattered LAPSUS$ Hunters.’ The group shared partial breach samples, vendor lists, and taunts about high-profile attacks, including raids on Victoria’s Secret, Gucci, and Neiman Marcus. They also claimed to be developing a ransomware-as-a-service (RaaS) operation named ’ShinySpider,’ boasting encryption speeds of 1 GB per second. The channel vanished by Monday, but not before causing chaos and elevating the hackers’ notoriety.

Experts suggest this collaboration marks a new phase in cyber extortion, where clout and chaos are as valuable as financial gain. ReliaQuest’s threat research director noted evidence of alignment between ShinyHunters and Scattered Spider, with the latter acting as an initial access broker. Meanwhile, ShinyHunters has expanded beyond credential theft, leveraging Scattered Spider’s social engineering tactics to infiltrate companies like Dior, Chanel, and Google.

Lapsus$, known for its 2021-2022 crime spree targeting Nvidia, Microsoft, and Okta, adds to the threat with its history of SIM swapping and bribing employees for access. The Com, a broader collective linking these groups, further amplifies the danger with offerings like swatting-for-hire. Despite arrests disrupting their operations, these gangs continue to adapt, posing a growing challenge to global cybersecurity.

cybercrimehackingransomwaredata breachcybersecurityScattered SpiderShinyHuntersLapsus$Telegramextortion