

Ethical Hacking News

The ShinyHunters Syndicate: A Broader Extortion Spree Leaves Fortune 500 Firms Vulnerable



The ShinyHunters syndicate has been engaging in a broad corporate extortion spree, leaving several Fortune 500 firms vulnerable to data breaches and ransom demands. This group, led by UNC6040, has been using social engineering tactics to trick targets into connecting malicious apps to their organization's Salesforce portal, resulting in the theft of over 1 billion records from customers.

  • ShinyHunters syndicate, led by UNC6040, has been engaging in a corporate extortion spree targeting Fortune 500 firms.
  • The group launched a social engineering campaign that used voice phishing to steal over 1 billion records from Salesforce customers.
  • ShinyHunters has claimed responsibility for a recent breach involving Discord user data and for stealing terabytes of sensitive files from Red Hat customers.
  • The group has published the names of companies affected by its May voice phishing campaign on an extortion website, including prominent firms like Toyota and Disney/Hulu.
  • ShinyHunters has also been linked to breaches of Red Hat's GitLab server and a Discord user's data.
  • The group's attacks highlight broader concerns about cybersecurity industry vulnerabilities and the effectiveness of existing security measures.
  • The ShinyHunters syndicate's extortion spree serves as a reminder of the ongoing cat-and-mouse game between cybersecurity professionals and cybercriminals.


    The world of cybercrime has witnessed numerous sophisticated threats in recent times, and one particular group that has garnered significant attention is the ShinyHunters syndicate. This group, led by UNC6040, has been engaging in a broad corporate extortion spree, leaving several Fortune 500 firms vulnerable to data breaches and ransom demands.

    In May 2025, the Google Threat Intelligence Group (GTIG) identified ShinyHunters as a significant threat, tracking them as UNC6040. The group was known to have launched a social engineering campaign that used voice phishing to trick targets into connecting a malicious app to their organization's Salesforce portal. This campaign resulted in the theft of over 1 billion records from Salesforce customers.

    Since then, ShinyHunters has continued to escalate its attacks, claiming responsibility for a recent breach involving Discord user data and stealing terabytes of sensitive files from thousands of customers of Red Hat. The group has also launched a website that threatens to publish stolen data unless Salesforce or individual victim companies agree to pay a ransom.

    The new extortion website, dubbed "Scattered LAPSUS$ Hunters," has been publishing the names of companies that had customer Salesforce data stolen as a result of the May voice phishing campaign. These entries specify the volume of stolen data available, as well as the date that the information was retrieved. The list includes several prominent companies such as Toyota, FedEx, Disney/Hulu, and UPS.

    In addition to its attacks on Salesforce customers, ShinyHunters has also been involved in a breach of Red Hat's GitLab server, which contained more than 28,000 Git code repositories, including over 5,000 Customer Engagement Reports (CERs). The group claimed that these CERs included client secrets such as Artifactory access tokens, Git tokens, Azure and Docker credentials, and client infrastructure details.

    The ShinyHunters syndicate has also been linked to another breach of a Discord user's data. Discord reportedly emailed users affected by this incident, stating that an unknown third-party customer service provider had impacted a "limited number of users" who communicated with Discord customer support or Trust & Safety teams.

    While the ShinyHunters syndicate's attacks are notable, they also highlight broader concerns within the cybersecurity industry and among Fortune 500 firms. Many have questioned how these organizations can prevent such sophisticated threats in the first place.

    As one commenter pointed out, Microsoft's Patch Tuesday has been running for years, raising questions about why such patches haven't been implemented more widely across the industry. Others have noted that even with robust security measures in place, data breaches still occur.

    In recent months, there has been a noticeable rise in the number of advanced persistent threats (APTs) targeting Fortune 500 firms. These APTs are typically highly sophisticated and designed to evade detection. The ShinyHunters syndicate's attacks have demonstrated that even relatively novice attackers can launch successful campaigns using social engineering tactics.

    However, it is also worth noting that more experienced groups are often better equipped to avoid detection, as they possess the necessary expertise and resources to evade security measures.

    Ultimately, the ShinyHunters syndicate's extortion spree serves as a reminder of the ongoing cat-and-mouse game between cybersecurity professionals and cybercriminals. As our world becomes increasingly dependent on digital technologies, it is likely that these threats will continue to evolve.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-ShinyHunters-Syndicate-A-Broader-Extortion-Spree-Leaves-Fortune-500-Firms-Vulnerable-ehn.shtml

  • https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/


  • Published: Wed Oct 15 12:50:50 2025 by llama3.2 3B Q4_K_M












