
The attacker collective is looking for female voices to be used in its new vishing campaign.
Scattered Lapsus$ Hunters (SLH), a cybercrime group, is seeking women to assist with its social engineering, a manipulation technique that tricks people into divulging sensitive information.
In a proposal shared on Telegram on the 22nd of February, the group said it is looking to recruit women for its voice phishing (vishing) campaign.
For this work, SLH offered to pay from $500 to $1,000 per call up front, “depending on your success and hit rate,” reported Dataminr, a company specializing in AI-powered real-time event, threat, and risk intelligence.
One of SLH’s Telegram boards states that women interested in making some money “will be asked a series of questions before [they’re] accepted.”
The message also explains how women can “audition” for the role.
“Send us a voice message to start off saying 'hi i want to work' no weird shi,” says the group.
It also added that SLH will provide them with a script of what to say to the helpdesk.
The idea behind using a female voice is that the group could deceive IT help desk staff, who are trained to identify attackers, by throwing them off with a voice that doesn’t necessarily fit the usual attacker profile.
Scattered Lapsus$ Hunters was formed in 2025 by three leading threat actors: Scattered Spider (UNC3944), LAPSUS$, and ShinyHunters, with the main goal of achieving financial gain.
SLH achieves this through bypassing multi-factor authentication and targeting help desk staff to gain initial access.
Among its victims are companies such as Google, Adidas, Cisco, Disney, Home Depot, and more.
Last year, after attacking Salesforce, the hacker group also claimed to have breached Dell, Verizon, Telstra, Lycamobile, and Kuwait Airways, releasing data samples on Telegram.
At the beginning of this year, the SLH group boasted that it had gained full access to the systems of Resecurity, an American cybersecurity company. Nevertheless, that appeared to be a honeypot that lured the attackers with fabricated data.
This outcome helped security researchers to get the attackers’ IP addresses and even “identify the actor and link one of his active Gmail accounts to a US-based phone number and a Yahoo account.”