Scattered Lapsus$ Hunters
| Named after | Collation of ShinyHunters, Scattered Spider, and Lapsus$ |
|---|---|
| Formation | 2025 |
| Founder | ShinyHunters |
| Type | Cybercrime gang |
| Methods | Spearphishing, SIM swapping, recruitment of accomplices via social media, extortion, hacking, social engineering, ransomware |
| Membership | Over 10 (suspected to be more) |
| Official language | English, French |
| ShinyCorp | |
| Parent organization | ShinyHunters |
| Affiliations | ShinyHunters, Scattered Spider, and Lapsus$ |
Scattered Lapsus$ Hunters, sometimes referred to as UNC6040 and UNC6395,[1][2] is a cybercrime supergroup also known as the "Trinity of Chaos".[3] The supergroup is an international extortion-focused collective or alliance. It first appeared in or around August 2025[4] and has claimed responsibility for several notable data breaches, including the theft of over 1 billion customer records from Salesforce across its UNC6040[5] and UNC6395[6] campaigns,[7][8][9] a breach of Red Hat,[10] and the doxing of ICE officials.[11] Its website, BreachForums, was seized by US and French police forces in October 2025 following the public extortion against Salesforce.[12] The supergroup claimed on its Telegram channel to be formed from members of other groups such as Scattered Spider, Lapsus$ and ShinyHunters.[4]
References
1. "FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks". The Hacker News. Retrieved 3 November 2025.
2. "ShinyHunters Wage Broad Corporate Extortion Spree". Krebs on Security. 7 October 2025. Retrieved 3 November 2025.
3. "Trinity of Chaos: The LAPSUS$, ShinyHunters, and Scattered Spider Alliance Embarks on Global Cybercrime Spree". Resecurity. www.resecurity.com. 25 September 2025. Retrieved 3 November 2025.
4. "Three notorious cybercrime gangs appear to be collaborating". The Register. Retrieved 18 October 2025.
5. Gatlan, Sergiu. "ShinyHunters launches Salesforce data leak site to extort 39 victims". BleepingComputer. Retrieved 3 November 2025.
6. Abrams, Lawrence. "ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks". BleepingComputer. Retrieved 3 November 2025.
7. Franceschi-Bicchierai, Lorenzo; Whittaker, Zack (3 October 2025). "Hacking group claims theft of 1 billion records from Salesforce customer databases". TechCrunch. Retrieved 18 October 2025.
8. Goodin, Dan (8 October 2025). "Salesforce says it won't pay extortion demand in 1 billion records breach". Ars Technica. Retrieved 18 October 2025.
9. "Hacking group claims theft of one billion Salesforce records". Computing.co.uk. Retrieved 18 October 2025.
10. Abrams, Lawrence. "Red Hat data breach escalates as ShinyHunters joins extortion". BleepingComputer. Retrieved 3 November 2025.
11. Cox, Joseph (17 October 2025). "Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ Officials". 404 Media. Retrieved 18 October 2025.
12. "Cops seize Scattered Lapsus$ Hunters' BreachForums domain". The Register. Retrieved 18 October 2025.