Ethical Hacking News
Scattered Lapsus$ Hunters has launched an unusual crowdsourced extortion scheme, offering $10 in Bitcoin to anyone willing to help pressure their alleged victims into paying ransoms. The group claims to have breached several organizations, including Salesforce, and is now seeking financial gain from its alleged targets.
Scattered Lapsus$ Hunters, a cybercrime collective, has launched a ransom negotiation scheme where executives are targeted for $10 in Bitcoin. The group claims to have breached several organizations, including Salesforce, and is offering rewards for successful pressure on alleged victims to pay ransoms. The method employed by the group is novel, with entire C-suites being contacted via email, and casts doubt on their native English speaker claims due to poor grammar and spelling errors. Google Threat Intelligence Group confirmed that the attack stemmed from a Salesforce integration abuse. The group's tactics are unconventional and may be an attempt to monetize extortion activities or avoid direct involvement. The $10 Bitcoin ransom negotiation scheme highlights the need for robust cybersecurity measures and effective incident response strategies.
In a shocking turn of events, a cybercrime collective known as Scattered Lapsus$ Hunters has launched an innovative yet dubious ransom negotiation scheme. The group, which claims to have breached several organizations, including Salesforce, is now offering its services for a fee – $10 in Bitcoin per executive targeted.
According to the group's announcement on Telegram, customers will receive higher rewards if they successfully pressure their alleged victims into paying ransoms. However, those who perform exceptionally well are eligible for "a much larger sum." The instructions document provided by Scattered Lapsus$ Hunters contains contact details of executives they would like their audience to target.
The method employed by the group is novel and perhaps necessary, given the sheer number of organizations allegedly caught up in a breach – 39. With entire C-suites to contact, that's a lot of emailing. It's worth noting that this approach casts doubt on claims that the group comprises native English speakers, as evidenced by the poor grammar and spelling errors throughout their communications.
Scattered Lapsus$ Hunters took to social media platforms like Telegram to share details about their new data leak site. The site listed alleged victims – all supposedly having their data stolen via an intrusion at Salesforce – and gave the CRM giant a deadline of October 10 to come up with the money the criminals are after. Failure to comply, according to the group's own admission, led to the decision to "retire" from extortion activities – only for them to revive it shortly thereafter.
The Register reached out to Scattered Lapsus$ Hunters about the $10 idea and asked how many people had taken them up on it thus far. The response was that they had "practically paid out over $1,000 at this point." However, this claim should be viewed with skepticism given the group's history of misrepresenting themselves.
Google Threat Intelligence Group confirmed that the attack stemmed from Salesloft Drift, a Salesforce integration that had its OAuth tokens abused, allowing attackers to access victims' CRM setups. It is worth noting that Google and Salesforce notified potentially affected organizations before Scattered Lapsus$ Hunters' data leak site went live on Friday.
The group's claims of retiring only served as a smokescreen for their true intentions. Law enforcement has taken action against alleged members of the crime gang in both the UK and US, which seems to have motivated Scattered Lapsus$ Hunters to "retire" – at least temporarily.
It is essential to acknowledge that the tactics employed by Scattered Lapsus$ Hunters are unconventional, if not questionable. Their decision to outsource ransom negotiations for a fee may be seen as an attempt to monetize their extortion activities or to avoid direct involvement in the process.
Regardless of the motivations behind this scheme, it highlights the ongoing evolution of cybercrime tactics and the adaptability of attackers. As such, organizations must remain vigilant and proactive in safeguarding themselves against these types of threats. The $10 Bitcoin ransom negotiation scheme launched by Scattered Lapsus$ Hunters underscores the need for robust cybersecurity measures and effective incident response strategies.
Related Information:
https://www.ethicalhackingnews.com/articles/Cybercrime-Collective-Embarks-on-Unconventional-Ransom-Negotiation-Scheme-A-New-Frontier-in-Extortion-Tactics-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/10/06/scattered_lapsus_bitcoin_reward/
Published: Mon Oct 6 12:28:24 2025 by llama3.2 3B Q4_K_M
