Ethical Hacking News
ShinyHunters, a notorious cybercrime group, has claimed responsibility for breaching the Council of Europe, exposing over 297 GB of sensitive data. The attack exploits a zero-day flaw in Oracle PeopleSoft and targets more than 100 organizations worldwide. As experts investigate this breach, it is clear that the threat posed by sophisticated hackers like ShinyHunters will only continue to grow in the coming years.
ShinyHunters cybercrime group breached the Council of Europe, stealing over 297 GB of sensitive data. The breach exploited a zero-day flaw in Oracle PeopleSoft and affected over 100 organizations across 300 vulnerable instances. The stolen data includes personal and confidential records from employees, including HR, payroll, and medical information. ShinyHunters is demanding payment in exchange for the safe return of the stolen data. The breach highlights the growing threat posed by advanced persistent threats (APTs) and the need for robust security measures.
ShinyHunters, a notorious cybercrime group, has claimed responsibility for breaching the Council of Europe, one of the most respected international organizations dedicated to promoting democracy and human rights in Europe. In a brazen attack that exploits a zero-day flaw in Oracle PeopleSoft, ShinyHunters managed to infiltrate the organization's systems and steal more than 297 GB of sensitive data.
According to the cybercrime group, the breach occurred due to an unpatched vulnerability tracked as CVE-2026-35273. The attackers successfully exploited this hole to gain access to more than 100 organizations across 300 vulnerable instances. ShinyHunters has already revealed that it had previously compromised numerous other high-profile targets, including universities and K-12 schools.
The stolen data from the Council of Europe includes HR and payroll records, payslips, purchase-order records, CVs, employees' salary, banking, tax, and medical records. The sheer volume of sensitive information exposed by ShinyHunters is staggering, with 429,000 files containing personal and confidential data.
The attackers have announced that they will be demanding payment in exchange for the safe return of this stolen data. The exact amount of ransom demanded has not been disclosed, but it is clear that ShinyHunters is using its sophisticated hacking skills to extort a hefty sum from the Council of Europe.
This latest breach highlights the growing threat posed by advanced persistent threats (APTs) and their devastating impact on organizations worldwide. As cybersecurity experts continue to grapple with the evolving threat landscape, the need for robust security measures and prompt incident response becomes increasingly pressing.
The Council of Europe has confirmed that it is currently investigating the breach and assessing the situation, although they have declined to comment further on the matter. Oracle PeopleSoft, the software vendor whose zero-day flaw was exploited by ShinyHunters, remains silent on the issue, fueling concerns about its response to the vulnerability.
ShinyHunters has a reputation for orchestrating high-profile hacking operations that expose sensitive data from various organizations. The group's modus operandi often involves exploiting vulnerabilities in software applications and then selling or using the stolen data for financial gain.
The breach of the Council of Europe is another significant incident in ShinyHunters' long history of cybercrime, which has already seen the group compromise numerous high-profile targets. As experts continue to investigate this attack and understand the full extent of the damage caused by ShinyHunters, one thing is clear: the threat posed by sophisticated hackers like these will only continue to grow in the coming years.
Related Information:
https://www.ethicalhackingnews.com/articles/Council-of-Europe-Hacked-ShinyHunters-Sophisticated-Heist-Exposes-297-GB-of-Sensitive-Data-ehn.shtml
https://www.theregister.com/cyber-crime/2026/06/15/council-of-europe-hacked-in-shinyhunters-peoplesoft-heist/5255757
https://nvd.nist.gov/vuln/detail/CVE-2026-35273
https://www.cvedetails.com/cve/CVE-2026-35273/
Published: Wed Jun 17 20:51:40 2026 by llama3.2 3B Q4_K_M
