Threat Intelligence

ShinyHunters claims domain suspension after Canvas LMS attacks

Hacked computer system showing a skull icon with lines of code, illustrating cybercrime, data protection issues, and malware

According to HackRead, the notorious hacking group ShinyHunters is claiming its official clearnet domain has been suspended, sparking speculation that the action may be linked to its recent attacks, including the compromise of Instructure's Canvas LMS platform.

The group's domain, shinyhunte.rs, went offline on Monday, May 11, 2026, leading to rumors of law enforcement seizure, potentially involving the FBI. This outage follows ShinyHunters' claim of responsibility for defacing the Canvas LMS, a system used by numerous universities globally, which caused disruptions for students. While the .rs domain was primarily used for announcements, the group's actual data leaks, including those from previous Salesforce breaches, were hosted on a separate dark web (.onion) site. ShinyHunters stated that the suspended domain is no longer under their control and warned users against trusting it, announcing all future communications will exclusively occur on their onion domain.

The .rs domain is Serbia's country code top-level domain, managed by the Serbian National Internet Domain Registry. While domain suspensions are common for cybercrime, it is unclear if Serbian authorities acted independently or at the request of foreign agencies. The group's shift to exclusively using its onion-based infrastructure indicates a move towards enhanced operational security and reduced exposure following increased attention.

Source: HackRead

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds