Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Researchers firm up ShinyHunters, Scattered Spider link | Computer Weekly

By Computer Weekly by By Computer Weekly
August 12, 2025
Home Uncategorized
Share on FacebookShare on Twitter


The ShinyHunters hacking collective responsible for a wave of cyber attacks orchestrated via Salesforce products is likely collaborating with the Scattered Spider gang that brought down systems at Marks & Spencer earlier this year, according to new research.

In a report published today, ReliaQuest researchers Kimberley Bromley and Ivan Righi argue that there is now plenty of evidence – albeit some of it highly circumstantial – suggesting a deliberate partnership between the two operations, both of which have previously been linked to the wider cyber crime network known as The Com.

They described a dramatic shift in ShinyHunters’ tactics that move the group well beyond its previous modus operandi, which centred largely on credential theft and database exploitation, to include “hallmark” Scattered Spider techniques.

These include the adoption of highly-targeted voice phishing, or vishing, campaigns that impersonate IT support staff to get victims to connect malicious apps – Salesforce Data Loader in the current campaign – that enable them to steal data, the use of Okta-themed phishing pages to trick their victims into entering their credentials, and the use of the legitimate Mullvad virtual private network (VPN) service to perform data exfiltration.

“These tactics align closely with Scattered Spider’s trademark methods and those of the broader collective, The Com, fueling speculation about active collaboration between the groups,” wrote Bromley and Righi.

Evidence adds up

The ReliaQuest team offered up more evidence of a link, saying that the two groups also appear to be targeting similar verticals – retail, insurance, and aviation – during the same rough timeline, and they seem to be taking a similar approach in the naming conventions they used when registering their domains. Bromley and Righi warned that based on their analysis of domains registered that match the naming pattern convention favoured by ShinyHunters and Scattered Spider, it is likely that financial services companies should now be on high alert.

More evidence has recently emerged of the existence of an individual persona associated with ShinyHunters, known as Sp1d3rhunters. This account, which first popped up on the BreachForums data leak service in 2024, when it was linked to ShinyHunters’ breach of Ticketmaster, has allegedly claimed that ShinyHunters and Scattered Spider are the same, and moreover always have been.

“If these connections are legitimate, they suggest that collaboration or overlap between ShinyHunters and Scattered Spider may have been ongoing for more than a year,” said the researchers.

Broader significance

Conceding that it would be possible to spend months dissecting the clues that suggest ShinyHunters and Scattered Spider are working together, Bromley and Righi said it was important for defenders not to lose sight of the broader significance of the ongoing attacks – that they are successful not because of who orchestrated them, but because of how they were executed.

“Threat actors constantly rotate infrastructure, change names, and adapt their TTPs to evade detection and maximise impact,” they said.

“As a result, tracking the behavioral patterns and evolving TTPs behind these campaigns is far more valuable than focusing solely on indicators of compromise (IOCs) or attribution.

“For security leaders, understanding this fluid and persistent threat landscape is critical to anticipating future attacks and making informed decisions about security strategy and resource allocation.”

They warned that the cyber attack campaigns were likely to continue regardless of whether the two groups are working together, or are one and the same, adding that others may also attempt to emulate the success of the high-profile attacks by adopting similar tactics.

“These recent campaigns showcase the effectiveness of a new wave of English-speaking threat actors highly skilled in social engineering,” they said.



Source link

By Computer Weekly

By Computer Weekly

Next Post
Stocks making the biggest moves premarket: Hanesbrands, On Holding, Circle, BigBear.ai and more

Stocks making the biggest moves premarket: Hanesbrands, On Holding, Circle, BigBear.ai and more

Recommended.

Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security

Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security

September 29, 2025
Pax8’s New CTO On Joining At AI Inflection Point: ‘This Thing Is A Rocket Ship’

Pax8’s New CTO On Joining At AI Inflection Point: ‘This Thing Is A Rocket Ship’

January 27, 2026

Trending.

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

May 19, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio