Ransomware Intelligence

shinyhunters Ransomware Group

Ransomware group profile

105Victims
United StatesSource country
92Impact score
Also Known As
UNC6040
Scattered Lapsus$ Hunters (SLH)
ShinyCorp

Description

ShinyHunters is a financially motivated cybercriminal group that specializes in large-scale data breaches and extortion. They primarily operate using a 'pay or leak' model, threatening to expose sensitive information unless ransoms are paid. Initially targeting a variety of industries, the group has evolved to focus on SaaS platforms and cloud environments.

Key insights

  • Employs sophisticated vishing techniques to gain initial access.
  • Targets Software-as-a-Service (SaaS) platforms and cloud environments.
  • Utilizes OAuth token exploitation and misconfigured applications for data exfiltration.
  • Operates under a 'pay or leak' model to extort victims.
  • Associated with other cybercriminal entities like Scattered Spider and Lapsus$.

Threat Level & Status Breakdown

For shinyhunters · Based on incidents in selected period

4.4threat level
Aggressiveness6/ 10
Lethality2.1/ 10
Criticality5.2/ 10

Status Breakdown

Data Leaked42.9%45
Claimed38.1%40
First seenJul 2025
Last seenJul 2026
Avg ransom
Payment rate
Statusactive
Sophistication0
Last updatedJul 16, 2026

Recent activity

Monthly attack count for shinyhunters in the selected period

105Total attacks
21peak in Apr
9.5avg / month
JulAugSepOctJanFebMarAprMayJunJul06121824

Intelligence

IOCs, YARA/Sigma rules, and related families for shinyhunters

  1. a4566f8bd274ccdd7b0b5f958e1a8097573ad695
  2. 88bd49b1bd9c2bde78bc4e394c993035e0fde3ea
  3. 384e8f3d300205546fb8c9b9224011b3b3cb71adc994180ff55e1e6416f65715
  4. a9deac7dfa66c4fa0d94e448da73c50eb50501de
  5. db446f0e1d18b43805bfefe1af934ae4b0879e376904635cc7e14eae2d7fc682
  6. fc2907fa866f86e0821f75060a331ce69ee10ff3aa374587993b17ba5406fa33
  7. 65cba741fe30fa4799fb9002ea8de6d96042a59159dd7c3419c766af24c835e6
  8. e45b18c93d187aac5c4486f57483bc87580e15def82a312bfb377ff16eb96b22
  9. 0274b39e79fa142adb154d090fa2d09e
  10. 51d39aa39478beeac94f2d12f682ecce
  11. 56dfe55b016c08f09dd5a2ab58504b377a3cd66ffba236a5a0539f6e2e39aa71
  12. ab4fcadaec49c03278063dd269ea5eef82d24f2124a8e15d7b90f2fa8601266c
  13. 821da79d727351dd67ce5df7950e9a3de6647a3cf474bb3a093f67507fed92a6
  14. 9f7080e56d9b33fe8465da4759146655
  15. 770c1dc157226638f8ad1ac9669f4883
  16. 42a08d1063980328bf1a1c5652c21a79e8b06d6abcac1881a0e8afa391b86c81
  17. 5cddc1cc22b6182d225f14f6eb4153819f35ea86
  18. c40c94d787f6a35ac1cb4c5f031cf5777b77c79dc3929181badea33aaf177aa7
  19. 5cdfb23517d671d3b2c0535b23d80dbc8b053288e881b4f5eb2f1221f1e7a7fc
  20. b122a9873bedf145ae2a7fd024b5f309007dbb025149f4dc4ac3f7e4f32a36a4
  21. 1f5ae3b51b2dbf9419f4b7d51725a49023abc81c
  22. 17158cd6490a2b3c672d087f3d69107643d6a6f7c67345461b10ae18f27e28d1
  23. df5ab9015833023a03f92a797e20196672c1d6525501a9f9a94a45b0904c7403
  24. 22f6e2b777f86fe5445a5823b988c5618ed05317
  25. 8284c8676cc22c4b2e66826ac16986da7ddecba1f2776b16771be17bfdc45dc2
  26. 1406e538fc441e89ce3d1747017f97a5
  27. 8f31f69f88a75d5faab4f94cfc2ec8a649fe1a24
  28. d0d17a50422e3d4a0a50fed0878a47d6
  29. 8e8f463c37ea7133194731bfe4490e6713dd0133f30fe08a6d069d10fa7db2c6
  30. d6af1c9f5ce407e53ec73c8e7187ed804fb4f80cf8dbd6722fc69e15e135db2e
  31. 668f932433a24bbae89d60b24eee4a24808fc741f62c5a3043bb7c9152342f40
  32. c16784e2c7b3e3b798addd718850da18f8eb532ab8f352c769a4470d7124805d
  33. 849ef3cf2c251f6088d735c7b67c3434e915a1d924efecf4d608dbe9bb01928a
  34. 110a5b08b1f83748019545067a69216b
  35. ae70dd4f6bc0d1c8c2848e4e6b51934626c4818dcb5af99d080ddbd7dc337185
  36. 1f31ad8a9733e56f285f565db6c1b30a41ae46393f2d5ed63a3c62b2227a2b43
  37. 4727365754cc41e4ba5a483f328289fd09a54651
  38. e84270afa3030b48dc9e0c53a35c65aa
  39. 98f9101bdd25da3a54da1891ae57f3dc
  40. 833fd59ebe66a4449982c6d18db656b4
  41. c2eeb74892408496f5a307a5b1fdc92d94fd014ab4252868f04046bf84718ab6
  42. 048e18416177de2ead251abdf4d89837f6807c6aba4d5b1debe49adfdecbf05c
  43. ac0e045b6f3683315ef420971f382e167385e39023d118d023fa6989e35fadf6
  44. 16164c83ce4786ab85aa3fc9566a317519e866ff6cad3fbd647f3e955b8a8255
  45. 717da2804144e9759c4e6409f18b7b4b
  46. aa688682d44f0c6b0ed7f30b981a609100107f2d414a3a6e5808671b112d1878
  47. d83fdb9e53c5ff03c4cb0451ea1bebd79b53f29eadc1e2fa394c7af13a86ce2f
  48. f29630beb594dbf25e738165705bb4a5
  49. f0410358a0d9dbd0dff3113d9c744ca7
  50. c7622a1effa27bbfee6d6e03d6474343
  51. d67a475f72ca65fd1ac5fd3be2f1cce2db78ba074f54dc4c4738d374d0eb19c7
  52. c7e9332731b06644fc73e0046a2a89eaa59b09f54250e9bd622467187351711f
  53. 29baab2551064fa30fb18955ccc8f332bd68ddd4
  54. 7d44697306143f3bfceba4f347d45ed1f9853087
  55. b13415f8c734e0d45aeca083ffcfe153
  56. b8c046a7c3a28653662140bb2eaad32d
  57. d4ac4d684aca924c9d532c245c016c2a
  58. 27f9183b9694b9ea1e71283dd084570f5e57bac1a3b64988f7667a76617a8a7a
  59. 90b760ed1d0dcb3ef0f2b6d6195c9d852bcb65eca293578982a8c4b64f51b035
  60. 94cb54d53927e4ba469099760db531be563a84d716df69e864062d90f0f2448d
  61. 0dfe23ab86cb5c1bfaf019521f3163aa5315a9ca3bb67d7d34eb51472c412b22
  62. 9887bc4eed59173d94f5340ef7c09e8ea68cd824
  63. 451a42db9c514514ab71218033967554507b59a60ee1fc3d88cbeb39eec99f20
  64. ba5ca32b25212cf2b57ecbfe785fa51d329b3dd0d0bf676609edbf7ef61f3c80
  65. 52baf9cedd288b0d53a5caed3e103487d9412ab9
  66. 52fda5c1b9704544f32ee98d9060e689
  67. 4db090498a57b85411417160747ffd8d4875f98b3ca2b83736a68900b7304d2b
  68. 80b7700053e115d65365ce7330383320
  69. 87c75c0df3e1c32e64d4c9ea129fcff9
  70. e8ad966042f179c415c605750488c9df353e4d2e
  71. 3a6e2c775c9c1060c54a9a94e80d923a
  72. c835fbfaf4aff8e8c252bb0ef406ddeb
  73. 04b14ead49adea9431147c145a89c07fea2c6f1cb515d9d38906c7696d9c91d5
  74. dd1c72823f933952619cbb86aaeaea43057a259e9a0c9e3b11c82225ec3faaa1
  75. c844d02c91d5e6dc293de80085ad2f69b5c44bc46ec9fdaa4e3efbda062c871c
  76. beadd181d0dbbbe36e0e311c5211a5dd
  77. 80e3a04fa68be799b3c91737e1918f8394b250603a231a251524244e4d7f77d9
  78. d5cd3d9243c875521b597bfb3d6d16e48d324e0e
  79. d20a3c928761fe00ac522eeb474612b5804cd9108453ea8591106d5d4428428e
  80. 43907e54cf3d1258f695d1112759b5457576481072cc76a679b8477cfeb3db87
  81. 17fd01e160ab44b6b189a9b3cb529bc74f790097
  82. 90aebc9849b659515fd70dde6db717ad457ab2a90522a410d1fd531ca8640624
  83. 1334f0189a8e6dbc48456fa4b482c5726ab7609f7fa652fcc4c1a96f2334436f
  84. 8dc32643ad886472aca642d293d752e76516d5ca
  85. 74a97d25595ad73129fa946dc3156cec
  86. 82b37a92589dfd4d67ca87eb9e52ac8e682e8e60d2211f59074cd5ccc693013b
  87. ada4e228e982a7e309bb6a3308e4872d
  88. 8a174aa70a4396547045aef6c69eb0259bae1706880f4375af71085eeb537059
  89. 4544e11195c4ccea90a0482a6ab2d38cc0e5f253
  90. 0cd3df20559504130571e116dda8cb18
  91. d6432b42f7a52976277bb00b29e761b9
  92. 0b812c1b1ae8299fcaf9ac192587eeed76f5abe4
  93. 1b153070934033deace7f04e77a72abe4e7e259271f885e25d81dc6337a9313d
  94. f174c19902523dcf005fa044b6598403a5e5c0a5982398d1bc0dcc5ec1cd351b
  95. f73eb3eef76498f4f73eb3eef76498f4
  96. 59ee007fd17280470724eb8a11ab12a98e85fd2383af3065f5f09a7e1a73f88c
  97. 84d3cba5b7cdcd1a231d1a1d860337bdae0dae84
  98. e67e7b8e0fb6baff4f25bb05dd5a5e21
  99. f5df98b344242c5eaad1fce421c640fadd71f7f21379d2bf7309001dfeb25972
  100. d46b4e8d188fe1773c44d38d730dcb6287639568240c765d9ad4ad79cd239e82
  101. ae76461aaaeb03b2906a0721e569effb
  102. 81f874e57dac9804e05834f47d5f1a5189f9c5e0
  103. 766c356d6a4b00078a0293460c5967764fcd788da8c1cd1df708695f3a15b777
  104. eada05f4bfd4876c57c24cd4b41f7a40ea97274c
  105. 736a6b312fe80efea9bc2e482629be06
  106. f744871f84ddf60cf744871f84ddf60c
  107. 39ac4805442361b6e731e8907d1bacb5ab782f09
  108. 1ccf8baf11427fae273ffed587b41c857fa2d8f3d3c6c0ddaa1fe4835f665eba
  109. ebcf977806f68af3147e0b78b55f6aed
  110. 7491066b46c3b0eb77dfcda9cce3c673
  111. b4259d3390c5b93a897091990a3379cd26bb3de1
  112. 0af93800a1bb97c87bf151c6056c1ac7bf8eaff5
  113. abe531e9f1e642c47260fac40dc41f59
  114. f02a924c9ff92a8780ce812511341182c6b509d45bc59f3f7b522e37225d24fc
  115. b1cebd305c6aa27048a3673e70f8e1604735b2c06c83452d2935c330b5a3eb58
  116. 9db8f7378e2df01c842cfcb617e64475
  117. 02af802fa1c1940102d6e31a5b7df9ed
  118. 818d0e9047f538fa85283d3343bd7d75e5bfc49f
  119. bdb33bbb4ea11884b15f67e5c974136e6294aa87459cdc276ac2eea85b1deaa3
  120. b9bba02d18bacc4bc8d9e4f70657d381568075590cc9d0e7590327d854224b32
  121. fc75a3800d8c2fa49b27b632dc9d7fb611b65201
  122. f58af71e542c67fbacf7acc53a43243a5301d115eb41e26e4d5932d8555510d0
  123. f2a430b3defdcaf7400f9d14abc864e3
  124. ad158a9ef5e849f7a2d10828a9aed89ebded7a2b5b3abb765f5797051cdf4a20
  125. 2ec78d556d696e208927cc503d48e4b5eb56b31abc2870c2ed2e98d6be27fc96
  126. 0810b4be454682ac5511783bb26cdda11dd96a1c
  127. 701d51b7be8b034c860bf97847bd59a87dca8481c4625328813746964995b626
  128. 8e61d65ebe8cbea2052862c03d516b7c9b5c5568
  129. 96ee9d3ed80c59c4bf39ed630efbfa53591fbe51155db7919ef64535a6171044
  130. 76842bcd75b4429e2c92636274ab0395d91c441c6aea9b76fe8a051659b0c1fc
  131. 025fc0976c548fb5a880c83ea3eb21a5f23c5d53c4e51e862bb893c11adf712a
  132. 1ecc8b796aeb6f6b9293562eca131fd36c6e05ec
  133. 2388ed7aee0b6b392778e8f9e98871c06499f476c9e7eae6ca0916f827fe65df
  134. 2ab684d93c1553fad87041b4dea97188a97e78589deee2a7bacff905564f3a35
  135. 891538df76d7525375d68f445685e93873281c32
  136. 333d79fc5f5d53d7f4fa285d588982ff
  137. 44994c720ad936809b54388d75945abd18b5707e20c9ee8f87b8f958ca8f5b16
  138. 027edad8db0e1abe6e88d073a9eb296a
  139. b10129c175c007148dd4f5aff4d7fb61eb3e4b0ed4897fea6b33e90555f2b845
  140. 9319c2f41e9ec22cfd53afdd6693cf81
  141. 0cb2f7651d50e1ed1a691e82f0297d49444bdded2461e136cffb156d4f234e52
  142. 9d48d741d0a149aeadd6aef4b2c95c57833b1fef
  143. d080f553c9b1276317441894ec6861573fa64fb1fae46165a55302e782b1614d
  144. 832a5a3bc2ee69201f5da1ecf810a774e6a23b30
  145. 3357b96f7baef169e28ed5a24ea79f59
  146. 65ab49119c845801f29a57e8aa177146b2ffbd289d4278109b146f933380f951
  147. 9c0409be11a6c4433896db58e7095464
  148. b97812a2e6be54e725defbab88357fa2
View full IOC feed500 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for shinyhunters

CVE-2026-35273
CVE-2025-61884
CVE-2025-61882
CVE-2025-55234
CVE-2025-54918
CVE-2025-50107
CVE-2025-50105
CVE-2025-50090
CVE-2025-50071
CVE-2025-50062
CVE-2025-30746
CVE-2025-30745
CVE-2025-30744
CVE-2025-30743
CVE-2025-30739
CVE-2024-50623
CVE-2024-21287
CVE-2023-34362
CVE-2021-44228
CVE-2021-35587
Collection

T1213

Data from Information Repositories

Defense Evasion

T1550.001

Application Access Token

Victims(104)

CompanyDomainCountryIndustryStatusDiscovered
Abbott owned Exact Sciences CorporationUS United StatesHealthcare
Data Leaked
2 days ago
Fluke Corporationfluke.comUS United StatesManufacturing
Unknown
16 days ago
Ingram Content Group, Inc.ingramcontent.comUS United StatesProfessional Services
Unknown
16 days ago
Adapt******Technology
Data Leaked
23 days ago
icsecurity.comicsecurity.comUS United StatesTechnology
Data Leaked
29 days ago
Amazon owned OneMedical.comonemedical.comUS United StatesHealthcare
Data Leaked
29 days ago
NAIC.orgnaic.orgUS United StatesProfessional Services
Data Leaked
29 days ago
Service Notice: Scheduled Maintenance and Infrastructure Upgrades
Data Leaked
about 1 month ago
icc.eduicc.eduUS United StatesEducation
Data Leaked
about 1 month ago
moody.edumoody.eduUS United StatesEducation
Data Leaked
about 1 month ago
glendale.eduglendale.eduUS United StatesEducation
Data Leaked
about 1 month ago
hccs.eduhccs.eduUS United StatesEducation
Data Leaked
about 1 month ago
kodak.comkodak.comUS United StatesManufacturing
Data Leaked
about 1 month ago
Deep Well Servicesdeepwellservices.comUS United StatesEnergy & Utilities
Data Leaked
about 1 month ago
Sysco Corporationsysco.comUS United StatesOther
Data Leaked
about 1 month ago
coe.intcoe.intFR FranceGovernment & Defense
Data Leaked
about 1 month ago
Madison Square Garden Sports Corp.msgsports.comUS United StatesHospitality
Data Leaked
about 1 month ago
JCPenney & several other subsdiaries under Catalyst Brands & Authentic Brands Groupjcpenney.comUS United StatesRetail & E-Commerce
Data Leaked
about 1 month ago
American Tower Corporationamericantower.comUS United StatesTechnology
Data Leaked
about 1 month ago
Zayo.com & Allstream.comzayo.comUS United StatesTechnology
Data Leaked
about 1 month ago

Page 1 of 6