Shinyhunters

Threat Actor updated 10 months ago (2024-11-29T14:52:44.858Z)

Download STIX

Preview STIX

ShinyHunters, a notorious threat actor group, has been involved in several significant data breaches, posing a serious cybersecurity concern for businesses worldwide. The group is known for its malicious activities targeting corporate entities, with the intent of stealing proprietary information. Between April 2020 and July 2021, ShinyHunters was responsible for the sale of hacked data from over 60 companies, which they leaked on various dark web forums including RaidForums, EmpireMarket, and Exploit. Notably, the group claimed to have stolen data of 30 million Santander customers and more recently, 33 million phone numbers from Twilio. One of the key members of ShinyHunters, Sebastien Raoult (also known as “Seyzo Kaizen”), a French national, was extradited from Morocco to the United States in January 2023. Raoult, along with two other co-conspirators, faced charges for hacking into protected computers and theft of stolen proprietary information. Their actions highlighted the global reach and damaging potential of such threat actors. In a significant development, Raoult was sentenced in U.S. District Court in Seattle to three years in prison and ordered to pay more than $5 million in restitution for conspiracy to commit wire fraud and aggravated identity theft. This sentencing marks an important step in holding threat actors accountable for their actions, demonstrating the ongoing efforts by law enforcement agencies to combat cybercrime and protect businesses from such threats.

Description last updated: 2024-10-17T11:46:13.667Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Breachforums

Extortion

Cybercrime

Phishing

Ransom

Ransomware

Exploit

Google

Salesforce

Data Leak

Aws

Credentials

Vulnerability

Vishing

Fraud

Snowflake

Oracle

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Hunters Malware is associated with Shinyhunters. Malware hunters, often referred to as bug hunters, play a critical role in cybersecurity by identifying and addressing vulnerabilities in software systems. In 2023, these professionals proved their worth at the Pwn2Own Toronto event where they identified 58 unique zero-day vulnerabilities, earning a	Unspecified	3
The Rover Malware is associated with Shinyhunters. Rover is a malicious software (malware) that has the potential to exploit and damage computer systems or devices. It can infiltrate systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, Rover can steal personal information, disrupt operations, or even	Unspecified	2

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Scattered Spider Threat Actor is associated with Shinyhunters. Scattered Spider, also known as Octo Tempest, 0ktapus, and UNC3944, is a notorious threat actor group involved in major data extortion campaigns. This cybercriminal group has been associated with high-profile attacks on organizations like Caesars Entertainment and MGM, often in collaboration with th	Unspecified	7
The Lapsus Threat Actor is associated with Shinyhunters. Lapsus is a significant threat actor that has been active since its inception in early 2022. The group gained notoriety for its cyberattacks, including a high-profile breach of Nvidia, an American multinational technology company, in the same year. This attack led to the leak of thousands of passwor	Unspecified	3

Source Document References

Information about the Shinyhunters Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Krebs on Security	13 hours ago	ShinyHunters Wage Broad Corporate Extortion Spree
InfoSecurity-magazine	a day ago	Discord Reveals Data Breach Following Third-Party Compromise
Securityaffairs	a day ago	CrowdStrike ties Oracle EBS RCE (CVE-2025-61882) to Cl0p attacks began Aug 9, 2025
Malwarebytes	a day ago	Discord warns users after data stolen in third-party breach
CrowdStrike	a day ago	CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability Tracked as CVE-2025-61882
InfoSecurity-magazine	2 days ago	Ransomware Group “Trinity of Chaos” Launches Data Leak Site
Securityaffairs	3 days ago	Security Affairs newsletter Round 544 by Pierluigi Paganini – INTERNATIONAL EDITION - Security Affairs
Securityaffairs	4 days ago	ShinyHunters Launches Data Leak Site: Trinity of Chaos Announces New Ransomware Victims
Securityaffairs	6 days ago	Allianz Life data breach impacted 1.5 Million people
Securityaffairs	8 days ago	Scattered Spider, ShinyHunters Restructure - New Attacks Underway
Checkpoint	9 days ago	29th September – Threat Intelligence Report - Check Point Research
InfoSecurity-magazine	15 days ago	Car Giant Stellantis Confims Third-Party Breach
InfoSecurity-magazine	16 days ago	Organizations Must Update Defenses to Scattered Spider Tactics, Expert
InfoSecurity-magazine	22 days ago	Gucci and Alexander McQueen Hit by Customer Data Breach
InfoSecurity-magazine	22 days ago	Fifteen Ransomware Gangs “Retire,” Future Unclear
Securityaffairs	24 days ago	ShinyHunters Attack National Credit Information Center of Vietnam
Securityaffairs	25 days ago	FBI Warns of Salesforce attacks by UNC6040 and UNC6395
InfoSecurity-magazine	a month ago	Scattered Spider-Linked Group Claims JLR Cyber-Attack
Malwarebytes	a month ago	No we didn't warn all Gmail users about imminent digital doom, says Google
InfoSecurity-magazine	a month ago	Cloudflare and Palo Alto Networks Victimized in Salesloft Drift Breach