
DarkReading reports:
After announcing its farewell last month, the cyber extortion group known as Scattered Lapsus$ Hunters returned on Friday with a website featuring stolen Salesforce data and a list of dozens of alleged victims.
Scattered Lapsus$ Hunters is an apparent combination of the Scattered Spider, Lapsus$, and ShinyHunters cybercriminal groups, which first emerged over the summer in a public Telegram channel. However, just a few weeks later, the collective published a goodbye letter on Telegram and the Dark Web marketplace BreachForums, saying the three groups, as well as other threat actors, had “decided to go dark.”
But Scattered Lapsus$ Hunters burst back into the limelight this week with a Dark Web leak site devoted to the recent spate of Salesforce data thefts; one of the two distinct campaigns targeting Salesforce environments recently has been attributed to a threat group tracked by Google as UNC6040, which has claimed to be ShinyHunters in its extortion attempts.
The leak site claims to have approximately 1 billion records, with 39 victim organizations listed with sample data. The site declared a deadline of Oct. 10 for Salesforce, with a threat to publish all stolen data if its demands are not met.
Read more at DarkReading.