{{Short description|Cybercrime group}} {{Use dmy dates|date=October 2025}} {{Infobox organization | name = Scattered LAPSUS$ Hunters | formation = 2025 | native_name = | native_name_lang = | image = | image_alt = | caption = | former_name = | named_after = Collation of [[ShinyHunters]], [[Scattered Spider]], and [[Lapsus$]] | founder = [[ShinyHunters]] | type = [[Cybercrime]] gang | purpose = | headquarters = | region_served = | methods = [[Spearphishing]], [[SIM swapping]], recruitment of accomplices via social media, [[extortion]], [[hacker|hacking]], [[Social engineering (security)]], [[Ransomware]] | num_members = Over 10 (suspected to be more) | language = English, French | leader_title = [[ShinyHunters]] | leader_name = ShinyCorp | parent_organization = [[ShinyHunters]] | affiliations = [[ShinyHunters]], [[Scattered Spider]], and [[Lapsus$]] | website = | remarks = }} '''Scattered Lapsus$ Hunters''', sometimes referred to as '''UNC6040 and UNC6395''',<ref>{{cite web |title=FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks |url=https://thehackernews.com/2025/09/fbi-warns-of-unc6040-and-unc6395.html |access-date=2025-11-03 |website=The Hacker News |language=en}}</ref><ref>{{Cite web |date=2025-10-07 |title=ShinyHunters Wage Broad Corporate Extortion Spree – Krebs on Security |url=https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/ |access-date=2025-11-03 |language=en-US}}</ref> is a cybercrime supergroup also known and referred to as "Trinity of Chaos".<ref>{{Cite web |date=2025-09-25 |title=Resecurity {{!}} Trinity of Chaos: The LAPSUS$, ShinyHunters, and Scattered Spider Alliance Embarks on Global Cybercrime Spree |url=https://www.resecurity.com/blog/article/trinity-of-chaos-the-lapsus-shinyhunters-and-scattered-spider-alliance-embarks-on-global-cybercrime-spree |access-date=2025-11-03 |website=www.resecurity.com |language=en}}</ref> The supergroup is an international [[extortion]]-focused collective or alliance. They first appeared in or around August 2025,<ref name="regohno">{{cite web |title=Three notorious cybercrime gangs appear to be collaborating |url=https://www.theregister.com/2025/08/12/scattered_spidershinyhunterslapsus_cybercrime_collab/ |access-date=2025-10-18 |website=TheRegister |language=en}}</ref> and have claimed responsibility for several notable data breaches, including but not limited to; stealing over 1 billion customer records from [[Salesforce]] from both their UNC6040<ref>{{Cite web |last=Gatlan |first=Sergiu |title=ShinyHunters launches Salesforce data leak site to extort 39 victims |url=https://www.bleepingcomputer.com/news/security/shinyhunters-starts-leaking-data-stolen-in-salesforce-attacks/ |access-date=2025-11-03 |website=BleepingComputer |language=en-us}}</ref> and UNC6395<ref>{{Cite web |last=Abrams |first=Lawrence |title=ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks |url=https://www.bleepingcomputer.com/news/security/shinyhunters-claims-15-billion-salesforce-records-stolen-in-drift-hacks/ |access-date=2025-11-03 |website=BleepingComputer |language=en-us}}</ref> campaigns,<ref>{{cite web |last1=Whittaker |first1=Lorenzo Franceschi-Bicchierai, Zack |date=3 October 2025 |title=Hacking group claims theft of 1 billion records from Salesforce customer databases |url=https://techcrunch.com/2025/10/03/hacking-group-claims-theft-of-1-billion-records-from-salesforce-customer-databases/ |access-date=2025-10-18 |website=TechCrunch}}</ref><ref name="arssf">{{cite web |last1=Goodin |first1=Dan |date=8 October 2025 |title=Salesforce says it won't pay extortion demand in 1 billion records breach |url=https://arstechnica.com/security/2025/10/salesforce-says-it-wont-pay-extortion-demand-in-1-billion-records-breach/ |access-date=2025-10-18 |website=Ars Technica |language=en}}</ref><ref>{{cite web |title=Become a Computing member Hacking group claims theft of one billion Salesforce records |url=https://www.computing.co.uk/news/2025/security/hacking-group-claims-theft-billion-salesforce-records |access-date=2025-10-18 |website=Computing.co.uk}}</ref> [[Red Hat|RedHat]]<ref>{{Cite web |last=Abrams |first=Lawrence |title=Red Hat data breach escalates as ShinyHunters joins extortion |url=https://www.bleepingcomputer.com/news/security/red-hat-data-breach-escalates-as-shinyhunters-joins-extortion/ |access-date=2025-11-03 |website=BleepingComputer |language=en-us}}</ref> and doxxing ICE officials.<ref>{{cite web |last1=Cox · |first1=Joseph |date=17 October 2025 |title=Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ Officials |url=https://www.404media.co/hackers-dox-hundreds-of-dhs-ice-fbi-and-doj-officials/ |access-date=2025-10-18 |website=404 Media |language=en}}</ref> Their website [[BreachForums]] was seized by the US and French police forces in [https://x.com/fbi/status/1977464345651982491 October 2025] following the public extortions against [[Salesforce]].<ref>{{cite web |title=Cops seize Scattered Lapsus$ Hunters' BreachForums domain |url=https://www.theregister.com/2025/10/10/cops_seize_breachforums/ |access-date=2025-10-18 |website=TheRegister |language=en}}</ref> The supergroup claimed on their [[Telegram (software)|Telegram]] channel to be formed from members of other groups like [[Scattered Spider]], [[Lapsus$]] and [[ShinyHunters]].<ref name="regohno" />
==References== {{reflist}}
{{Hacking in the 2020s|state=collapsed}}
[[Category:Hacker groups]] [[Category:2020s in hacking]]