Shinyhunters

Threat Actor updated a year ago (2024-11-29T14:52:44.858Z)

Download STIX

Preview STIX

ShinyHunters, a notorious threat actor group, has been involved in several significant data breaches, posing a serious cybersecurity concern for businesses worldwide. The group is known for its malicious activities targeting corporate entities, with the intent of stealing proprietary information. Between April 2020 and July 2021, ShinyHunters was responsible for the sale of hacked data from over 60 companies, which they leaked on various dark web forums including RaidForums, EmpireMarket, and Exploit. Notably, the group claimed to have stolen data of 30 million Santander customers and more recently, 33 million phone numbers from Twilio. One of the key members of ShinyHunters, Sebastien Raoult (also known as “Seyzo Kaizen”), a French national, was extradited from Morocco to the United States in January 2023. Raoult, along with two other co-conspirators, faced charges for hacking into protected computers and theft of stolen proprietary information. Their actions highlighted the global reach and damaging potential of such threat actors. In a significant development, Raoult was sentenced in U.S. District Court in Seattle to three years in prison and ordered to pay more than $5 million in restitution for conspiracy to commit wire fraud and aggravated identity theft. This sentencing marks an important step in holding threat actors accountable for their actions, demonstrating the ongoing efforts by law enforcement agencies to combat cybercrime and protect businesses from such threats.

Description last updated: 2024-10-17T11:46:13.667Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Breachforums

Extortion

Cybercrime

Phishing

Ransom

Ransomware

Exploit

Google

Salesforce

Data Leak

Aws

Credentials

Vulnerability

Fraud

Vishing

Snowflake

Oracle

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Hunters Malware is associated with Shinyhunters. Malware hunters, often referred to as bug hunters, play a critical role in cybersecurity by identifying and addressing vulnerabilities in software systems. In 2023, these professionals proved their worth at the Pwn2Own Toronto event where they identified 58 unique zero-day vulnerabilities, earning a	Unspecified	3
The Rover Malware is associated with Shinyhunters. Rover is a malicious software (malware) that has the potential to exploit and damage computer systems or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Rover can steal personal information, disrupt operations, or even	Unspecified	2

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Scattered Spider Threat Actor is associated with Shinyhunters. Scattered Spider, also known as Octo Tempest, 0ktapus, and UNC3944, is a notorious threat actor group involved in major data extortion campaigns. This cybercriminal group has been associated with high-profile attacks on organizations like Caesars Entertainment and MGM, often in collaboration with th	Unspecified	8
The Lapsus Threat Actor is associated with Shinyhunters. Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor	Unspecified	4

Source Document References

Information about the Shinyhunters Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	12 days ago	Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884
InfoSecurity-magazine	13 days ago	FBI and French Police Shutter BreachForums Domain Again
Securityaffairs	13 days ago	Google, Mandiant expose malware and zero-day behind Oracle EBS extortion
Unit42	16 days ago	The Golden Scale: Bling Libra and the Evolving Extortion Economy
Krebs on Security	19 days ago	ShinyHunters Wage Broad Corporate Extortion Spree
InfoSecurity-magazine	19 days ago	Discord Reveals Data Breach Following Third-Party Compromise
Securityaffairs	19 days ago	CrowdStrike ties Oracle EBS RCE (CVE-2025-61882) to Cl0p attacks began Aug 9, 2025
Malwarebytes	19 days ago	Discord warns users after data stolen in third-party breach
CrowdStrike	20 days ago	CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability Tracked as CVE-2025-61882
InfoSecurity-magazine	20 days ago	Ransomware Group “Trinity of Chaos” Launches Data Leak Site
Securityaffairs	21 days ago	Security Affairs newsletter Round 544 by Pierluigi Paganini – INTERNATIONAL EDITION - Security Affairs
Securityaffairs	23 days ago	ShinyHunters Launches Data Leak Site: Trinity of Chaos Announces New Ransomware Victims
Securityaffairs	24 days ago	Allianz Life data breach impacted 1.5 Million people
Securityaffairs	a month ago	Scattered Spider, ShinyHunters Restructure - New Attacks Underway
Checkpoint	a month ago	29th September – Threat Intelligence Report - Check Point Research
InfoSecurity-magazine	a month ago	Car Giant Stellantis Confims Third-Party Breach
InfoSecurity-magazine	a month ago	Organizations Must Update Defenses to Scattered Spider Tactics, Expert
InfoSecurity-magazine	a month ago	Fifteen Ransomware Gangs “Retire,” Future Unclear
InfoSecurity-magazine	a month ago	Gucci and Alexander McQueen Hit by Customer Data Breach
Securityaffairs	a month ago	ShinyHunters Attack National Credit Information Center of Vietnam