TZUTC: -0500
MSGID: 1679.consprcy@1:2320/105 2d71eaa6
PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
FORMAT: flowed
Three of the biggest cybercrime gangs around appear to be teaming up - which
could be bad news for all of us

Date:
Wed, 05 Nov 2025 17:04:00 +0000

Description:
Scattered Lapsus$ Hunters are making it official, and joining forces to
terrorize organizations everywhere.

FULL STORY

Three of the biggest cybercrime gangs around - Scattered Spider, Lapsus$, and
ShinyHunters, seem to have officially teamed up into a federated 
cybercriminal brand. 

While news of the merger has been popping up across the web for months now,
security researchers Trustwave recently published new research making the
reports of the Scattered Lapsus$ Hunters (SLH) group somewhat official. 

Trustwave said that the alliance formed around August 2025, and operates
mainly on Telegram, where it runs public-facing channels. Unlike other groups
who use a combination of clearweb and onion websites for data leaks, SLH uses
Telegram to promote itself, leak data, and intimidate victims. It uses
Extortion-as-a-Service (EaaS), allowing affiliates to use its brand name to
scare targets and demand ransoms .

Acting like hacktivists 

Trustwave said its analysis showed SLH doesnt behave like your usual
ransomware group, instead mixing financially motivated cybercrime with
attention-seeking, more akin to hacktivists. 

They are using dramatic language, polls, and public taunts against law
enforcement - especially the FBI, and the NCA. Still, its main motive remains
money, not ideology. 

Technically, the group seems highly skilled, Trustwave further explains, as 
it conducts credential theft, social engineering, phishing/vishing, zero-day
exploitation, and data exfiltration, often targeting cloud and SaaS 
providers. 

Its not a particularly large group - it counts under five core operators who
are mostly from ShinyHunters. Obviously, the members are using multiple 
online personas to hide their true identities. 

Trustwave concludes that SLH represents a federated or networked criminal
brand, which is  a new model where cyber gangs share reputations and 
audiences for greater impact. Its seen as a sign of professionalization in
cybercrime, where branding, visibility, and social performance are as
important as technical skill. 

The group also seems to be punching up, looking for high-profile victims,
adding no less than Salesforce to its list of alleged victims. 

======================================================================
Link to news story:
https://www.techradar.com/pro/security/three-of-the-biggest-cybercrime-gangs-a
round-appear-to-be-teaming-up-which-could-be-bad-news-for-all-of-us

$$
--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 206 300 307 317 400 426 428 470 664
SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45
SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35
PATH: 2320/105 229/426