Scattered LAPSUS$ Hunters Returns, Threatens 40 Companies With 1B Records Leak

The notorious cybercrime group is back, this time targeting Salesforce and other companies. With a deadline looming, businesses brace for potential data breaches.

Cybercrime groups LAPSUS$, Scattered LAPSUS$ Hunters, and a splinter group have reunited, threatening to leak data from around 40 companies. The group, now calling itself Scattered LAPSUS$ Hunters, has set a deadline for Salesforce to negotiate a payment to prevent the release of what they claim is 1 billion stolen records.

The group's reemergence follows a series of events starting in August. A campaign exploited Salesloft's Drift integration, allowing attackers to access numerous companies' Salesforce instances using OAuth tokens. This led to the theft of customer data. The group has since set an October 10 deadline for Salesforce to negotiate a payment to prevent the data leak.

The group, previously known as Scattered Spider, has faced law enforcement action. Two UK teens were charged for their role in a cyberattack on Transport for London, while a third teen turned himself in to Las Vegas police for multiple casino hacks. The group claimed to be working with LAPSUS$ and ShinyHunters in August, but this collaboration appears to have been short-lived.

Google Threat Intelligence Group confirmed the attacks, and Salesloft hired Mandiant to investigate the Drift campaign. However, Salesforce denies that its platform has been compromised, stating that the extortion attempts relate to past or unsubstantiated incidents. The 'SLH/SLSH Press Newsroom' declined to comment on specific questions but confirmed that the reemergence of the leak site is related to recent arrests.

The reemergence of Scattered LAPSUS$ Hunters with a data-leak site listing about 40 companies' Salesforce environments has raised concerns. The group is demanding $989.45 to prevent the publication of the stolen data. As negotiations continue, companies and users await further developments.
