Scattered LAPSUS$ Hunters claims Dell, Telstra, other major firms


After recently attacking Salesforce, the hacking conglomerate Scattered LAPSUS$ Hunters is claiming it has breached a series of major international corporations, including Dell and Verizon.

Key takeaways:

Scattered LAPSUS$ Hunters posted data samples on its Telegram channel as proof that the conglomerate has indeed breached a group of major international corporations across the tech, aviation, and telecommunications sectors.

The list of the latest alleged victims includes American tech corporation Dell, US telecommunications conglomerate Verizon, Australian telecommunications company Telstra, and French mobile virtual network operator Lycamobile.

Kuwait Airways, Kuwait's national airline, and True Corporation & dtac, a major telecoms operator in Thailand that recently completed a merger, have also allegedly been breached.

Potential for wave of identity theft

Cybernews has reached out to some of the companies for comment and will update the article once a reply is received.

According to Scattered LAPSUS$ Hunters, the compromised data is extensive and varies by victim, including sensitive personal and technical information.

The allegedly stolen data includes:

  • Full names
  • Physical addresses
  • Phone numbers
  • Email addresses
  • Dates of birth
  • Job titles
  • Passport numbers, expiry dates, and national ID numbers
  • IP addresses
  • Customer order details and product serial numbers
  • Mobile carrier, subscription, and plan details
  • Technical mobile network data and call logs

The Cybernews research team has analyzed the data snippets and says that the gang seems to have nabbed Dell buyers’ contact information, addresses, and order details.

The sample of Telstra data includes physical addresses and full names, and the posted batch of Kuwait Airways data contains PII of their passengers including full names, phone numbers, emails, birth dates, and passport information, according to Cybernews researchers.

“The general impact of these leaks could be potential identity theft, increased likelihood of scams, and targeted social engineering for the affected people,” said the researchers.

“Leaked IP addresses from mobile network providers could also be combined with other data to identify users or correlate activity across different services.”

The Trinity of Chaos

Scattered LAPSUS$ Hunters is a recently formed cybercrime group that has primarily focused on data extortion after gaining access to corporate networks through social engineering tactics.

The conglomerate consists of three previously separate – and notorious – cybercrime gangs: Scattered Spider, LAPSUS$, and ShinyHunters. The group targets multinational companies precisely because they offer larger data pools and complex third-party integrations that attackers can exploit.

The hacking gang, also known as the Trinity of Chaos, has been busy lately: the news of the breach comes amid a wider extortion campaign targeting Salesforce customers.

The group claims to have stolen almost 1 billion records and has threatened to release data from over 700 major companies, including Google, FedEx, UPS, Toyota, Stellantis, Adidas, Disney, Home Depot, and many others, unless it gets paid.

A few days before the Salesforce breach, Scattered LAPSUS$ Hunters abruptly announced its retirement. But it’s now obvious that the farewell was a smokescreen: by the end of September, researchers saw that the gang was sending new extortion emails left and right.

According to researchers, the three now-allied groups share a proclivity for social engineering, overlapping membership, joint public channels, and coordinated attacks on high-profile targets.

Other tactics that overlap include exploitation of multi-factor authentication (MFA) fatigue and SIM swapping, the use of public shaming, leak sites, and direct communication with victims.

Moreover, it now seems that the conglomerate has just expanded. According to Dark Reading, Crimson Collective, a threat actor who recently claimed to have stolen 570 gigabytes of internal data from software company Red Hat Consulting, has reportedly joined its ranks.

Red Hat is now listed on the ShinyHunters website, and the listing warns that the stolen data will be published on October 10th if the company does not enter into negotiations.

According to the hackers, the sample files released include reports from Walmart, HSBC, the Bank of Canada, Atos Group, American Express, the US Department of Defense, and French telecom company SFR.

