Ransomware Intelligence

shinyhunters

Ransomware group profile

114Victims
United StatesSource country
90Impact score
Also Known As
UNC6040
Scattered Lapsus$ Hunters (SLH)
ShinyCorp

Description

ShinyHunters is a financially motivated cybercriminal group that specializes in large-scale data breaches and extortion. They primarily operate using a 'pay or leak' model, threatening to expose sensitive information unless ransoms are paid. Initially targeting a variety of industries, the group has evolved to focus on SaaS platforms and cloud environments.

Key insights

  • Employs sophisticated vishing techniques to gain initial access.
  • Targets Software-as-a-Service (SaaS) platforms and cloud environments.
  • Utilizes OAuth token exploitation and misconfigured applications for data exfiltration.
  • Operates under a 'pay or leak' model to extort victims.
  • Associated with other cybercriminal entities like Scattered Spider and Lapsus$.

Industries

EducationEnergy & UtilitiesFinancial ServicesGovernment & DefenseHealthcareHospitalityManufacturingOtherProfessional ServicesRetail & E-CommerceTechnologyTransportation

Threat Level & Status Breakdown

For shinyhunters · Based on incidents in selected period

4.9threat level
Aggressiveness8/ 10
Lethality1.9/ 10
Criticality5/ 10

Status Breakdown

Data Leaked37.7%43
Claimed46.5%53
First seenJun 2025
Last seenJun 2026
Avg ransom
Payment rate
Statusactive
Sophistication0
Last updatedJun 23, 2026

Recent activity

Monthly attack count for shinyhunters in the selected period

114Total attacks
21peak in Apr
10.4avg / month
↑ 12 vs first month
JunJulAugSepOctJanFebMarAprMayJun06121824

Intelligence

IOCs, YARA/Sigma rules, and related families for shinyhunters

  1. a4566f8bd274ccdd7b0b5f958e1a8097573ad695
  2. 88bd49b1bd9c2bde78bc4e394c993035e0fde3ea
  3. 384e8f3d300205546fb8c9b9224011b3b3cb71adc994180ff55e1e6416f65715
  4. a9deac7dfa66c4fa0d94e448da73c50eb50501de
  5. db446f0e1d18b43805bfefe1af934ae4b0879e376904635cc7e14eae2d7fc682
  6. 65cba741fe30fa4799fb9002ea8de6d96042a59159dd7c3419c766af24c835e6
  7. e45b18c93d187aac5c4486f57483bc87580e15def82a312bfb377ff16eb96b22
  8. 0274b39e79fa142adb154d090fa2d09e
  9. 51d39aa39478beeac94f2d12f682ecce
  10. 56dfe55b016c08f09dd5a2ab58504b377a3cd66ffba236a5a0539f6e2e39aa71
  11. ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c
  12. 821da79d727351dd67ce5df7950e9a3de6647a3cf474bb3a093f67507fed92a6
  13. 9f7080e56d9b33fe8465da4759146655
  14. 770c1dc157226638f8ad1ac9669f4883
  15. 42a08d1063980328bf1a1c5652c21a79e8b06d6abcac1881a0e8afa391b86c81
  16. c40c94d787f6a35ac1cb4c5f031cf5777b77c79dc3929181badea33aaf177aa7
  17. 5cdfb23517d671d3b2c0535b23d80dbc8b053288e881b4f5eb2f1221f1e7a7fc
  18. 1f5ae3b51b2dbf9419f4b7d51725a49023abc81c
  19. 17158cd6490a2b3c672d087f3d69107643d6a6f7c67345461b10ae18f27e28d1
  20. df5ab9015833023a03f92a797e20196672c1d6525501a9f9a94a45b0904c7403
  21. 22f6e2b777f86fe5445a5823b988c5618ed05317
  22. 8284c8676cc22c4b2e66826ac16986da7ddecba1f2776b16771be17bfdc45dc2
  23. 1406e538fc441e89ce3d1747017f97a5
  24. 8f31f69f88a75d5faab4f94cfc2ec8a649fe1a24
  25. d0d17a50422e3d4a0a50fed0878a47d6
  26. 8e8f463c37ea7133194731bfe4490e6713dd0133f30fe08a6d069d10fa7db2c6
  27. d6af1c9f5ce407e53ec73c8e7187ed804fb4f80cf8dbd6722fc69e15e135db2e
  28. 668f932433a24bbae89d60b24eee4a24808fc741f62c5a3043bb7c9152342f40
  29. 849ef3cf2c251f6088d735c7b67c3434e915a1d924efecf4d608dbe9bb01928a
  30. 110a5b08b1f83748019545067a69216b
  31. 1f31ad8a9733e56f285f565db6c1b30a41ae46393f2d5ed63a3c62b2227a2b43
  32. e84270afa3030b48dc9e0c53a35c65aa
  33. 98f9101bdd25da3a54da1891ae57f3dc
  34. 048e18416177de2ead251abdf4d89837f6807c6aba4d5b1debe49adfdecbf05c
  35. ac0e045b6f3683315ef420971f382e167385e39023d118d023fa6989e35fadf6
  36. 16164c83ce4786ab85aa3fc9566a317519e866ff6cad3fbd647f3e955b8a8255
  37. 717da2804144e9759c4e6409f18b7b4b
  38. aa688682d44f0c6b0ed7f30b981a609100107f2d414a3a6e5808671b112d1878
  39. d83fdb9e53c5ff03c4cb0451ea1bebd79b53f29eadc1e2fa394c7af13a86ce2f
  40. f0410358a0d9dbd0dff3113d9c744ca7
  41. d67a475f72ca65fd1ac5fd3be2f1cce2db78ba074f54dc4c4738d374d0eb19c7
  42. c7e9332731b06644fc73e0046a2a89eaa59b09f54250e9bd622467187351711f
  43. 29baab2551064fa30fb18955ccc8f332bd68ddd4
  44. 7d44697306143f3bfceba4f347d45ed1f9853087
  45. b8c046a7c3a28653662140bb2eaad32d
  46. d4ac4d684aca924c9d532c245c016c2a
  47. 27f9183b9694b9ea1e71283dd084570f5e57bac1a3b64988f7667a76617a8a7a
  48. 90b760ed1d0dcb3ef0f2b6d6195c9d852bcb65eca293578982a8c4b64f51b035
  49. 0dfe23ab86cb5c1bfaf019521f3163aa5315a9ca3bb67d7d34eb51472c412b22
  50. 9887bc4eed59173d94f5340ef7c09e8ea68cd824
  51. 451a42db9c514514ab71218033967554507b59a60ee1fc3d88cbeb39eec99f20
  52. 52fda5c1b9704544f32ee98d9060e689
  53. 4db090498a57b85411417160747ffd8d4875f98b3ca2b83736a68900b7304d2b
  54. 87c75c0df3e1c32e64d4c9ea129fcff9
  55. e8ad966042f179c415c605750488c9df353e4d2e
  56. 3a6e2c775c9c1060c54a9a94e80d923a
  57. c835fbfaf4aff8e8c252bb0ef406ddeb
  58. 04b14ead49adea9431147c145a89c07fea2c6f1cb515d9d38906c7696d9c91d5
  59. dd1c72823f933952619cbb86aaeaea43057a259e9a0c9e3b11c82225ec3faaa1
  60. c844d02c91d5e6dc293de80085ad2f69b5c44bc46ec9fdaa4e3efbda062c871c
  61. beadd181d0dbbbe36e0e311c5211a5dd
  62. 80e3a04fa68be799b3c91737e1918f8394b250603a231a251524244e4d7f77d9
  63. d5cd3d9243c875521b597bfb3d6d16e48d324e0e
  64. d20a3c928761fe00ac522eeb474612b5804cd9108453ea8591106d5d4428428e
  65. 43907e54cf3d1258f695d1112759b5457576481072cc76a679b8477cfeb3db87
  66. 17fd01e160ab44b6b189a9b3cb529bc74f790097
  67. 90aebc9849b659515fd70dde6db717ad457ab2a90522a410d1fd531ca8640624
  68. 1334f0189a8e6dbc48456fa4b482c5726ab7609f7fa652fcc4c1a96f2334436f
  69. 8dc32643ad886472aca642d293d752e76516d5ca
  70. 74a97d25595ad73129fa946dc3156cec
  71. cf2da87d52a6b08a3b9502b1f6082b8b76ba4d32
  72. 82b37a92589dfd4d67ca87eb9e52ac8e682e8e60d2211f59074cd5ccc693013b
  73. ada4e228e982a7e309bb6a3308e4872d
  74. 8a174aa70a4396547045aef6c69eb0259bae1706880f4375af71085eeb537059
  75. 4544e11195c4ccea90a0482a6ab2d38cc0e5f253
  76. 0cd3df20559504130571e116dda8cb18
  77. d6432b42f7a52976277bb00b29e761b9
  78. 0b812c1b1ae8299fcaf9ac192587eeed76f5abe4
  79. 1b153070934033deace7f04e77a72abe4e7e259271f885e25d81dc6337a9313d
  80. f174c19902523dcf005fa044b6598403a5e5c0a5982398d1bc0dcc5ec1cd351b
  81. f73eb3eef76498f4f73eb3eef76498f4
  82. 59ee007fd17280470724eb8a11ab12a98e85fd2383af3065f5f09a7e1a73f88c
  83. 84d3cba5b7cdcd1a231d1a1d860337bdae0dae84
  84. e67e7b8e0fb6baff4f25bb05dd5a5e21
  85. f5df98b344242c5eaad1fce421c640fadd71f7f21379d2bf7309001dfeb25972
  86. d58e3617d759d46248718ac4dfb46535d73febffd17fad1fd8ab47ce08da2fb4
  87. ae76461aaaeb03b2906a0721e569effb
  88. 81f874e57dac9804e05834f47d5f1a5189f9c5e0
  89. 766c356d6a4b00078a0293460c5967764fcd788da8c1cd1df708695f3a15b777
  90. eada05f4bfd4876c57c24cd4b41f7a40ea97274c
  91. 736a6b312fe80efea9bc2e482629be06
  92. f744871f84ddf60cf744871f84ddf60c
View full IOC feed500 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for shinyhunters

CVE-2026-35273
CVE-2025-61884
CVE-2025-61882
CVE-2025-55234
CVE-2025-54918
CVE-2025-50107
CVE-2025-50105
CVE-2025-50090
CVE-2025-50071
CVE-2025-50062
CVE-2025-30746
CVE-2025-30745
CVE-2025-30744
CVE-2025-30743
CVE-2025-30739
CVE-2024-50623
CVE-2023-34362
CVE-2021-44228
CVE-2021-35587
Collection

T1213

Data from Information Repositories

Defense Evasion

T1550.001

Application Access Token

Victims(114)

CompanyDomainCountryIndustryStatusDiscovered
icsecurity.comicsecurity.comUS United StatesTechnology
Data Leaked
6 days ago
Amazon owned OneMedical.comonemedical.comUS United StatesHealthcare
Data Leaked
6 days ago
NAIC.orgnaic.orgUS United StatesProfessional Services
Data Leaked
6 days ago
Service Notice: Scheduled Maintenance and Infrastructure Upgrades
Data Leaked
7 days ago
icc.eduicc.eduUS United StatesEducation
Data Leaked
8 days ago
moody.edumoody.eduUS United StatesEducation
Data Leaked
8 days ago
glendale.eduglendale.eduUS United StatesEducation
Data Leaked
8 days ago
hccs.eduhccs.eduUS United StatesEducation
Data Leaked
9 days ago
kodak.comkodak.comUS United StatesManufacturing
Data Leaked
9 days ago
Deep Well Servicesdeepwellservices.comUS United StatesEnergy & Utilities
Data Leaked
9 days ago
Sysco Corporationsysco.comUS United StatesOther
Data Leaked
9 days ago
coe.intcoe.intFR FranceGovernment & Defense
Data Leaked
10 days ago
Madison Square Garden Sports Corp.msgsports.comUS United StatesHospitality
Data Leaked
12 days ago
JCPenney & several other subsdiaries under Catalyst Brands & Authentic Brands Groupjcpenney.comUS United StatesRetail & E-Commerce
Data Leaked
12 days ago
American Tower Corporationamericantower.comUS United StatesTechnology
Data Leaked
12 days ago
Zayo.com & Allstream.comzayo.comUS United StatesTechnology
Data Leaked
12 days ago
Nexstar.tvnexstar.tvUS United StatesTechnology
Data Leaked
13 days ago
Ralph Lauren Corporationralphlauren.comUS United StatesRetail & E-Commerce
Data Leaked
13 days ago
Notice
Unknown
13 days ago
nottingham.ac.uknottingham.ac.ukGB United KingdomEducation
Unknown
14 days ago

Page 1 of 6

Affected countries(35)

Countries where this group has been reported to target or leak victims.

🇦🇹Austria🇦🇺Australia🇧🇪Belgium🇧🇷Brazil🇨🇦Canada🇨🇭Switzerland🇨🇱Chile🇨🇳China🇨🇴Colombia🇨🇷Costa Rica🇩🇪Germany🇩🇰Denmark🇪🇸Spain🇫🇷France🇬🇧United Kingdom🇮🇩Indonesia🇮🇪Ireland🇮🇳India🇮🇹Italy🇯🇵Japan🇲🇦Morocco🇲🇽Mexico🇲🇾Malaysia🇳🇬Nigeria🇳🇱Netherlands🇳🇿New ZealandRussian Federation🇸🇪Sweden🇸🇬Singapore🇸🇳Senegal🇺🇸United States🇺🇾Uruguay🇺🇿Uzbekistan🇻🇳Vietnam🇿🇦South Africa