A portal on the Dark Web reveals the evolution of cybercrime
Published on October 3, 2025
A collective of English-speaking cybercriminals, known for its devastating raids on corporate databases, has recently launched a website dedicated to listing its victims, threatening to publish almost a billion stolen personal records. This represents a significant change in the tactics used by these groups, which historically preferred to operate in the shadows and avoid any visible online presence.
A collective with a thousand identities
The group in question operates under several names that reflect its fragmented and decentralized nature: Lapsus$, Scattered Spider and ShinyHunters are the faces of a criminal organization that has made versatility its main weapon. Their latest move is the creation of "Scattered Lapsus$ Hunters", a portal hosted on the Dark Web that acts as a showcase for their extortion activities. The site, first identified last Friday by threat intelligence researchers, constitutes an unprecedented digital blackmail platform.
The message published on the homepage leaves no room for misunderstanding: "Contact us to regain control over the governance of data and prevent public dissemination of your information. Do not become the next headline". The message goes on to assure readers that all contacts will require rigorous verification and will be handled with discretion, an approach that paradoxically mimics the practices of legitimate companies.
The assault on the corporate giants
In recent weeks, the ShinyHunters collective has orchestrated an unprecedented attack campaign, targeting dozens of multinational companies by infiltrating their cloud databases hosted by Salesforce. The list of confirmed victims includes big names in international business: the insurance giant Allianz Life, Google, the fashion conglomerate Kering, the Australian airline Qantas, the car giant Stellantis, the credit agency TransUnion and the staff management platform Workday.
A billion stolen records represent the new standard in digital extortion
The hackers' leak site lists further alleged victims, including FedEx, Hulu (owned by Disney) and Toyota Motors, companies that have so far not issued public statements regarding the attacks. This disparity between the confirmed victims and those that have not yet commented raises the question of whether some organizations have already given in to ransom demands to avoid the publication of their sensitive data.
Salesforce in the crosshairs
The section of the site dedicated specifically to Salesforce is particularly significant: there, the cybercriminals explicitly demand that the cloud computing platform open negotiations for the payment of a ransom. "All your customers will be disclosed", the hackers threaten, suggesting through the tone of the message that the company has not yet entered into any dialogue with the criminal group. Salesforce's failure to respond to requests for comment leaves uncertain the strategy the company intends to adopt in the face of this public pressure.
The evolution of cybercrime
This development represents a significant tactical evolution for a group that traditionally avoided any public presence. Computer security experts had already hypothesized in the past few weeks that the collective was planning to launch a platform dedicated to extortion, following a model historically associated with ransomware groups of foreign origin, often Russian-speaking.
The criminal paradigm has in fact changed radically in recent years: where in the past these groups limited themselves to stealing and encrypting victims' data and privately demanding a ransom for decryption, today the dominant strategy is double extortion. Criminals not only block access to systems, but also threaten to make sensitive information public, creating a double level of pressure on affected organizations.