Post

Scattered Spider, ShinyHunters and LAPSUS$ Form Unified Collective

Posted
By ictsec.pl
1 min read

Source: Infosecurity Magazine

“Scattered LAPSUS$ Hunters (SLH), previously observed hinting at an extortion-as-a-service offering and testing “Sh1nySp1d3r” ransomware, has now been identified not just as a loose collaboration but as a coordinated alliance blending Scattered Spider, ShinyHunters and LAPSUS$ under a shared operational banner.

While Unit 42 previously observed Telegram chatter signaling EaaS plans, the latest analysis reveals Telegram’s broader role as a permanent command hub and brand engine, not just a broadcast channel. Since early August, the group has cycled through at least 16 public channels, rebuilding them within hours of each takedown.

Trustwave’s profile maps key personas shaping the enterprise, including “shinycorp,” viewed as the primary coordinator, and “yuka,” tied to zero-day brokerage and tooling linked historically to advanced malware such as BlackLotus. This verification of skilled exploit development represents a step beyond the unconfirmed ransomware claims highlighted in October.

To read the complete article see: Infosecurity Magazine

RESEARCH
This post is licensed under CC BY 4.0 by the author.