
Collaboration emerging among three infamous cybercriminal groups

Hacker Groups Scattered Spider, ShinyHunters, and Lapsus$ Engaged in Boastful Exchanges on Telegram over the Weekend

Cybercriminal trio seemingly joining forces in a worrying alliance for digital security

A new alliance between the cybercrime collectives Scattered Spider, ShinyHunters, and Lapsus$ has emerged, as evidenced by the appearance of a Telegram channel called "Scattered LAPSUS$ Hunters". This collaboration represents a shift in the cybercrime landscape, as these groups combine their strengths to carry out more effective extortion and data theft operations.

The alliance is likely driven by shared interests and the need for mutual support. Lapsus$, known for breaking into telecoms giant BT, Nvidia, Microsoft, Samsung, Vodafone, fintech firm Revolut, and Okta, has suffered setbacks from losing several members. ShinyHunters, active since 2020 and best known for high-profile attacks on Snowflake customers' databases, Ticketmaster, and AT&T, contributes its experience from maintaining platforms like BreachForums. Scattered Spider, known for SIM-swapping and high-profile retail intrusions, brings its expertise in phishing and social engineering.

Recent Data Breaches

These groups have been involved in several recent high-profile data breaches. ShinyHunters has been linked to data thefts from companies like Salesforce, Qantas, Allianz Life, LVMH, and Adidas. Lapsus$ has claimed involvement in attacks on Neiman Marcus, Victoria's Secret, Gucci, Chanel, and the U.S. Department of Homeland Security, among others. The groups are also developing a Ransomware-as-a-Service (RaaS) operation called "ShinySpider" or "ShinySp1d3r," which boasts high encryption speeds of about 1 GB/s.

The synchronized timing of these attacks strongly supports the likelihood of coordinated efforts between the two groups, Scattered Spider and ShinyHunters. For instance, Louis Vuitton reportedly became aware of an intrusion on July 2, shortly after domains like ticket-lvmh[.]com, ticket-dior[.]com, and ticket-louisvuitton[.]com were registered.
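The domains named above share a `<service word>-<brand>` shape, which a defender can watch for in a feed of newly observed domains. The following is an added example, not part of the original article; the watchlist, the service words other than "ticket", and the benign feed entries are constructed assumptions.

```python
import re

# Assumptions (not from the article): the brand watchlist and the service words
# that imitate help-desk or ticketing portals are illustrative choices.
BRANDS = {"lvmh", "dior", "louisvuitton"}
SERVICE_WORDS = {"ticket", "helpdesk", "support", "sso"}

# Constructed feed of newly observed domains. The three defanged entries are
# the ones named in the article; the rest are made-up benign controls.
SAMPLE_FEED = [
    "ticket-lvmh[.]com",
    "ticket-dior[.]com",
    "ticket-louisvuitton[.]com",
    "support.dior.com",         # service word is a subdomain of the brand itself
    "diorama-tickets.example",  # brand only as a substring, not a whole token
    "example.org",
]

def refang(indicator: str) -> str:
    """Turn a defanged indicator (a[.]b, hxxps://...) into a bare hostname."""
    s = indicator.strip().lower().replace("[.]", ".").replace("(.)", ".")
    s = re.sub(r"^h(?:xx|tt)ps?://", "", s)
    return s.split("/")[0].rstrip(".")

def match_lookalike(indicator, brands=BRANDS, words=SERVICE_WORDS):
    """Return (service_word, brand) when one DNS label joins both with hyphens.

    Checking each label separately means no public-suffix list is needed and
    legitimate hosts such as support.<brand>.com are not flagged.
    """
    for label in refang(indicator).split("."):
        tokens = label.split("-")
        brand = next((t for t in tokens if t in brands), None)
        word = next((t for t in tokens if t in words), None)
        if brand and word:
            return (word, brand)
    return None

def triage(feed):
    """Return [(indicator, service_word, brand)] for entries worth review."""
    return [(d, *m) for d in feed if (m := match_lookalike(d))]

if __name__ == "__main__":
    for indicator, word, brand in triage(SAMPLE_FEED):
        print(f"review: {indicator} ({word} + {brand})")
```

Exact-token matching will not catch misspelled or homoglyph variants of a brand; those need fuzzy matching layered on top.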

Preventing Social-Engineering Attacks

To prevent social-engineering attacks like those carried out by Scattered Spider, companies should train their help desk staff to enforce strong identity verification processes and should require phishing-resistant multifactor authentication. This will help protect high-profile organizations from falling victim to these malicious groups.

In conclusion, the collaboration between Scattered Spider, ShinyHunters, and Lapsus$ represents a new phase in cybercrime, combining their strengths to achieve more effective extortion and data theft operations. Companies must remain vigilant and take necessary measures to protect their data and systems from these sophisticated threats.

  1. The alliance between Scattered Spider, ShinyHunters, and Lapsus$, operating under the Telegram channel "Scattered LAPSUS$ Hunters", is leveraging cloud technology to enhance their capabilities and carry out more effective extortion and data theft operations in the enterprise sector.
  2. As cybercrime collectives, ShinyHunters, known for cloud data breaches, Lapsus$, with a history of telecom industry attacks, and Scattered Spider, experts in phishing and social engineering, are employing AI and cybersecurity measures to boost their criminal activities, such as Ransomware-as-a-Service (RaaS) operations like "ShinySpider" or "ShinySp1d3r".
  3. General-news outlets and crime-and-justice departments have reported on the recent joint efforts between these groups, involving high-profile data breaches across diverse industries like telecom, finance, luxury brands, and travel, including companies like BT, Nvidia, Revolut, and Salesforce.
  4. To combat social-engineering attacks like those perpetrated by Scattered Spider, enterprises should educate their help desk staff on enforcing strong identity verification methods and implementing phishing-resistant multifactor authentication, thereby offering a more robust defense against these malicious organizations.
  5. With the emergence of this powerful cybercrime alliance, it is essential for businesses to stay informed about the latest security threats and trends in the technology sector, continuously adapting and strengthening their security measures to safeguard valuable data and maintain the integrity of their systems.
