shinyhunters
Ransomware group profile
Description
ShinyHunters is a financially motivated cybercriminal group that specializes in large-scale data breaches and extortion. They primarily operate using a 'pay or leak' model, threatening to expose sensitive information unless ransoms are paid. Initially targeting a variety of industries, the group has evolved to focus on SaaS platforms and cloud environments.
Key insights
- Employs sophisticated vishing techniques to gain initial access.
- Targets Software-as-a-Service (SaaS) platforms and cloud environments.
- Utilizes OAuth token exploitation and misconfigured applications for data exfiltration.
- Operates under a 'pay or leak' model to extort victims.
- Associated with other cybercriminal entities like Scattered Spider and Lapsus$.
Intelligence
IOCs, YARA/Sigma rules, and related families for shinyhunters
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for shinyhunters
- T1213: Data from Information Repositories
- T1550.001: Application Access Token
Victims (97)
| Company | Domain | Country | Industry | Status | Discovered |
|---|---|---|---|---|---|
| DentaQuest, LLC. | — | US United States | Healthcare | Unknown | 5 days ago |
| BCD Travel | — | US United States | Hospitality | Data Leaked | 5 days ago |
| DentaQuest, LLC | — | US United States | Healthcare | Data Leaked | 7 days ago |
| Baker Distributing Company | — | US United States | Professional Services | Data Leaked | 12 days ago |
| Charter Communications, Inc. | — | US United States | Technology | Data Leaked | 12 days ago |
| DentaQuest.com | — | US United States | Healthcare | Data Leaked | 12 days ago |
| PRESS STATEMENT 13/05/2026 | — | — | Education | Unknown | 22 days ago |
| Notification | — | US United States | Technology | Unknown | 24 days ago |
| Houghton Mifflin Harcourt Company | — | US United States | Education | Data Leaked | 26 days ago |
| PRESS STATEMENT | — | — | Other | Unknown | 26 days ago |
| Adelante Soluciones Financieras | addi.com | CO Colombia | Financial Services | Unknown | 30 days ago |
| Entire list of affected schools by Instructure breach | — | — | Education | Data Leaked | 30 days ago |
| Instructure Holdings, Inc. (Canva LMS, instructure.com) | — | US United States | Education | Data Leaked | about 1 month ago |
| Cushman & Wakefield Inc. | cushmanwakefield.com | US United States | Professional Services | Data Leaked | about 1 month ago |
| TOWERPOINT WEALTH, LLC | — | US United States | Financial Services | Data Leaked | about 1 month ago |
| Follett Software LLC | — | US United States | Technology | Data Leaked | about 1 month ago |
| Vimeo, Inc. | — | US United States | Technology | Data Leaked | about 1 month ago |
| Udemy, Inc. | udemy.com | US United States | Education | Claimed | about 1 month ago |
| ADT, Inc. | adt.com | US United States | Professional Services | Claimed | about 1 month ago |
| Aman Resorts | aman.com | CH Switzerland | Hospitality | Claimed | about 2 months ago |
Affected countries (27)
Countries where this group has been reported to target or leak victims.