Ransomware operations ceased by Scattered Spider, others

Increasing law enforcement action following recent attacks against Salesforce, Jaguar Land Rover, and Marks & Spencer has prompted the Scattered Spider hacking group and over a dozen of its allies, including Lapsus$, IntelBroker, and N3z0x, to suddenly announce the end of their operations on a BreachForums-hosted page later shared on the "Scattered Lapsus$ Hunters" Telegram channel, reports Cybernews. Also included in the announcement is ShinyHunters' retirement from launching retaliatory intrusions on behalf of its allied threat operations. Despite repetitively taunting not only its victims but also the FBI, the UK National Crime Agency, and Google's Mandiant on their Telegram channel, Scattered Lapsus$ Hunters was noted by Acumen Cyber Principal Consultant and Threat Intelligence Lead Cian Heasley to be fearful of mounting legal action for their attacks. "It's a transparent move that suggests its members are buying some breathing time, panicking about the threat of prison, and arguing behind the scenes about how much trouble they are actually in and the need to be cautious," said Heasley.