Shinyhunters

Threat Actor updated 10 months ago (2024-11-29T14:52:44.858Z)

Download STIX

Preview STIX

ShinyHunters, a notorious threat actor group, has been involved in several significant data breaches, posing a serious cybersecurity concern for businesses worldwide. The group is known for its malicious activities targeting corporate entities, with the intent of stealing proprietary information. Between April 2020 and July 2021, ShinyHunters was responsible for the sale of hacked data from over 60 companies, which they leaked on various dark web forums including RaidForums, EmpireMarket, and Exploit. Notably, the group claimed to have stolen data of 30 million Santander customers and more recently, 33 million phone numbers from Twilio. One of the key members of ShinyHunters, Sebastien Raoult (also known as “Seyzo Kaizen”), a French national, was extradited from Morocco to the United States in January 2023. Raoult, along with two other co-conspirators, faced charges for hacking into protected computers and theft of stolen proprietary information. Their actions highlighted the global reach and damaging potential of such threat actors. In a significant development, Raoult was sentenced in U.S. District Court in Seattle to three years in prison and ordered to pay more than $5 million in restitution for conspiracy to commit wire fraud and aggravated identity theft. This sentencing marks an important step in holding threat actors accountable for their actions, demonstrating the ongoing efforts by law enforcement agencies to combat cybercrime and protect businesses from such threats.

Description last updated: 2024-10-17T11:46:13.667Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Breachforums

Cybercrime

Extortion

Ransomware

Ransom

Google

Salesforce

Data Leak

Phishing

Aws

Exploit

Snowflake

Fraud

Credentials

Vishing

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Hunters Malware is associated with Shinyhunters. Malware hunters, often referred to as bug hunters, play a critical role in cybersecurity by identifying and addressing vulnerabilities in software systems. In 2023, these professionals proved their worth at the Pwn2Own Toronto event where they identified 58 unique zero-day vulnerabilities, earning a	Unspecified	2

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Scattered Spider Threat Actor is associated with Shinyhunters. Scattered Spider, also known as Octo Tempest, 0ktapus, and UNC3944, is a notorious threat actor group involved in major data extortion campaigns. This cybercriminal group has been associated with high-profile attacks on organizations like Caesars Entertainment and MGM, often in collaboration with th	Unspecified	5
The Lapsus Threat Actor is associated with Shinyhunters. Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor	Unspecified	2

Source Document References

Information about the Shinyhunters Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
InfoSecurity-magazine	a day ago	Fifteen Ransomware Gangs “Retire,” Future Unclear
InfoSecurity-magazine	a day ago	Gucci and Alexander McQueen Hit by Customer Data Breach
Securityaffairs	3 days ago	ShinyHunters Attack National Credit Information Center of Vietnam
Securityaffairs	4 days ago	FBI Warns of Salesforce attacks by UNC6040 and UNC6395
InfoSecurity-magazine	13 days ago	Scattered Spider-Linked Group Claims JLR Cyber-Attack
Malwarebytes	13 days ago	No we didn't warn all Gmail users about imminent digital doom, says Google
InfoSecurity-magazine	14 days ago	Cloudflare and Palo Alto Networks Victimized in Salesloft Drift Breach
Krebs on Security	16 days ago	The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft
Unit42	22 days ago	Data Is the New Diamond: Heists in the Digital Age
Securityaffairs	22 days ago	Farmers Insurance discloses a data breach impacting 1.1M customers
Securityaffairs	a month ago	Exploit weaponizes SAP NetWeaver bugs for full system compromise
InfoSecurity-magazine	a month ago	Allianz Life Data Breach Exposes Personal Data of 1.1 Million
Securityaffairs	a month ago	Allianz Life security breach impacted 1.1 million customers
Securityaffairs	a month ago	Human resources firm Workday disclosed a data breach
InfoSecurity-magazine	a month ago	Workday Reveals CRM Breach
Securityaffairs	a month ago	Security Affairs newsletter Round 537 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	a month ago	Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach
InfoSecurity-magazine	a month ago	Financial Services Could Be Next in Line for ShinyHunters
Checkpoint	a month ago	11th August – Threat Intelligence Report - Check Point Research
Securityaffairs	a month ago	Google confirms Salesforce CRM breach, faces extortion threat