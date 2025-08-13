Organizations in the financial services and technology sectors may be the next targets of the ShinyHunters hacking collective, also known as UNC6040, which has seemingly partnered with the Scattered Spider ransomware gang, reports The Hacker News.
Attacks by ShinyHunters have recently been imbued with Scattered Spider tactics, including the deployment of social engineering and voice phishing schemes, legitimate tool-spoofing apps, Okta phishing pages for credential theft, and VPN concealment in data exfiltration activities, according to an analysis from ReliaQuest. ShinyHunters and Scattered Spider have also been suspected to be collaborating due to the timing of their attacks against the same industries. The findings come amid the emergence of a Telegram channel purportedly led by members of the ShinyHunters, Scattered Spider, and LAPSUS$ hacking groups, which touted the development of the ShinySp1d3r ransomware-as-a-service platform before being removed from the messaging platform. "[Scattered LAPSUS$ Hunters'] connection to known entities like Scattered Spider and ShinyHunters indicates this is less a "new" group than a rebranding and coalescence of existing threat actors responding to recent law enforcement heat," noted FalconFeeds researchers. Meanwhile, ShinyHunters noted that BreachForums has been turned into a honeypot following a recent law enforcement takedown.
Attacks by ShinyHunters have recently been imbued with Scattered Spider tactics, including the deployment of social engineering and voice phishing schemes, legitimate tool-spoofing apps, Okta phishing pages for credential theft, and VPN concealment in data exfiltration activities, according to an analysis from ReliaQuest. ShinyHunters and Scattered Spider have also been suspected to be collaborating due to the timing of their attacks against the same industries. The findings come amid the emergence of a Telegram channel purportedly led by members of the ShinyHunters, Scattered Spider, and LAPSUS$ hacking groups, which touted the development of the ShinySp1d3r ransomware-as-a-service platform before being removed from the messaging platform. "[Scattered LAPSUS$ Hunters'] connection to known entities like Scattered Spider and ShinyHunters indicates this is less a "new" group than a rebranding and coalescence of existing threat actors responding to recent law enforcement heat," noted FalconFeeds researchers. Meanwhile, ShinyHunters noted that BreachForums has been turned into a honeypot following a recent law enforcement takedown.