# Scattered Lapsus$ Hunters

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/Scattered_Lapsus%24_Hunters
> Markdown URL: https://mediated.wiki/source/Scattered_Lapsus%24_Hunters.md
> Source: https://en.wikipedia.org/wiki/Scattered_Lapsus%24_Hunters
> Source revision: 1351139272
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

Cybercrime group

Scattered LAPSUS$ Hunters Named after Collation of ShinyHunters, Scattered Spider, and Lapsus$ Formation 2025 Founder ShinyHunters Type Cybercrime gang Methods Spearphishing, SIM swapping, recruitment of accomplices via social media, extortion, hacking, Social engineering (security), Ransomware Members Over 10 (suspected to be more) Official language English, French ShinyHunters ShinyCorp Parent organization ShinyHunters Affiliations ShinyHunters, Scattered Spider, and Lapsus$

**Scattered Lapsus$ Hunters**, sometimes referred to as **UNC6040 and UNC6395**,[1][2] is a cybercrime supergroup also known and referred to as "Trinity of Chaos".[3] The supergroup is an international [extortion](/source/Extortion)-focused collective or alliance. They first appeared in or around August 2025,[4] and have claimed responsibility for several notable data breaches, including but not limited to; stealing over 1 billion customer records from [Salesforce](/source/Salesforce) from both their UNC6040[5] and UNC6395[6] campaigns,[7][8][9] [RedHat](/source/Red_Hat)[10] and doxxing ICE officials.[11] Their website [BreachForums](/source/BreachForums) was seized by the US and French police forces in [October 2025](https://x.com/fbi/status/1977464345651982491) following the public extortions against [Salesforce](/source/Salesforce).[12] The supergroup claimed on their [Telegram](/source/Telegram_(software)) channel to be formed from members of other groups like [Scattered Spider](/source/Scattered_Spider), [Lapsus$](/source/Lapsus%24) and [ShinyHunters](/source/ShinyHunters).[4]

## References

1. **[^](#cite_ref-1)** ["FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks"](https://thehackernews.com/2025/09/fbi-warns-of-unc6040-and-unc6395.html). *The Hacker News*. Retrieved 3 November 2025.

1. **[^](#cite_ref-2)** ["ShinyHunters Wage Broad Corporate Extortion Spree – Krebs on Security"](https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/). 7 October 2025. Retrieved 3 November 2025.

1. **[^](#cite_ref-3)** ["Resecurity | Trinity of Chaos: The LAPSUS$, ShinyHunters, and Scattered Spider Alliance Embarks on Global Cybercrime Spree"](https://www.resecurity.com/blog/article/trinity-of-chaos-the-lapsus-shinyhunters-and-scattered-spider-alliance-embarks-on-global-cybercrime-spree). *www.resecurity.com*. 25 September 2025. Retrieved 3 November 2025.

1. ^ [***a***](#cite_ref-regohno_4-0) [***b***](#cite_ref-regohno_4-1) ["Three notorious cybercrime gangs appear to be collaborating"](https://www.theregister.com/2025/08/12/scattered_spidershinyhunterslapsus_cybercrime_collab/). *TheRegister*. Retrieved 18 October 2025.

1. **[^](#cite_ref-5)** Gatlan, Sergiu. ["ShinyHunters launches Salesforce data leak site to extort 39 victims"](https://www.bleepingcomputer.com/news/security/shinyhunters-starts-leaking-data-stolen-in-salesforce-attacks/). *BleepingComputer*. Retrieved 3 November 2025.

1. **[^](#cite_ref-6)** Abrams, Lawrence. ["ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks"](https://www.bleepingcomputer.com/news/security/shinyhunters-claims-15-billion-salesforce-records-stolen-in-drift-hacks/). *BleepingComputer*. Retrieved 3 November 2025.

1. **[^](#cite_ref-7)** Whittaker, Lorenzo Franceschi-Bicchierai, Zack (3 October 2025). ["Hacking group claims theft of 1 billion records from Salesforce customer databases"](https://techcrunch.com/2025/10/03/hacking-group-claims-theft-of-1-billion-records-from-salesforce-customer-databases/). *TechCrunch*. Retrieved 18 October 2025.{{[cite web](https://en.wikipedia.org/wiki/Template:Cite_web)}}: CS1 maint: multiple names: authors list ([link](https://en.wikipedia.org/wiki/Category:CS1_maint:_multiple_names:_authors_list))

1. **[^](#cite_ref-arssf_8-0)** Goodin, Dan (8 October 2025). ["Salesforce says it won't pay extortion demand in 1 billion records breach"](https://arstechnica.com/security/2025/10/salesforce-says-it-wont-pay-extortion-demand-in-1-billion-records-breach/). *Ars Technica*. Retrieved 18 October 2025.

1. **[^](#cite_ref-9)** ["Become a Computing member Hacking group claims theft of one billion Salesforce records"](https://www.computing.co.uk/news/2025/security/hacking-group-claims-theft-billion-salesforce-records). *Computing.co.uk*. Retrieved 18 October 2025.

1. **[^](#cite_ref-10)** Abrams, Lawrence. ["Red Hat data breach escalates as ShinyHunters joins extortion"](https://www.bleepingcomputer.com/news/security/red-hat-data-breach-escalates-as-shinyhunters-joins-extortion/). *BleepingComputer*. Retrieved 3 November 2025.

1. **[^](#cite_ref-11)** Cox ·, Joseph (17 October 2025). ["Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ Officials"](https://www.404media.co/hackers-dox-hundreds-of-dhs-ice-fbi-and-doj-officials/). *404 Media*. Retrieved 18 October 2025.

1. **[^](#cite_ref-12)** ["Cops seize Scattered Lapsus$ Hunters' BreachForums domain"](https://www.theregister.com/2025/10/10/cops_seize_breachforums/). *TheRegister*. Retrieved 18 October 2025.

v t e Hacking in the 2020s ← 2010s Timeline of security hacking incidents Timeline of computer viruses and worms Major incidents 2020 BlueLeaks Twitter account hijacking European Medicines Agency data breach Nintendo data leak United States federal government data breach EasyJet data breach Vastaamo data breach Windows XP Service Pack 1 and Server 2003 RTM source code leaks 2021 Microsoft Exchange Server breach Ivanti Pulse Connect Secure data breach Colonial Pipeline ransomware attack Health Service Executive ransomware attack Waikato District Health Board ransomware attack JBS S.A. ransomware attack Kaseya VSA ransomware attack Transnet ransomware attack Epik data breach FBI email hack National Rifle Association ransomware attack Banco de Oro hack Iranian fuel cyberattack 2022 Ukraine cyberattacks Red Cross data breach Anonymous and the Russian invasion of Ukraine Viasat hack DDoS attacks on Romania Costa Rican ransomware attack LastPass vault theft Shanghai police database leak Grand Theft Auto VI content leak Optus data breach 2023 Munster Technological University ransomware attack Capita data breach Evide data breach MOVEit data breach Insomniac Games data breach Operation Triangulation cyberattack British Library cyberattack 2024 XZ Utils backdoor Kadokawa and Niconico Change Healthcare ransomware attack Ukrainian cyberattacks against Russia 2024 WazirX hack Trump campaign hack Fur Affinity domain hijacking IRLeaks attack on Iranian banks Internet Archive data breach i-Soon leak 2024 global telecommunications hack 2024 National Public Data breach 2025 Cyberattacks on Bank Sepah 2025 Paraguay ransomware attack 4chan hacking and data breach 2025 St. Paul cyberattack Jaguar Land Rover cyberattack Collins Aerospace cyberattack 2025 cyberattack on Polish power grid 2026 Aura (security) data breach ManageMyHealth data breach Neighbourly data breach Cyberwarfare during the 2026 Iran war 2026 Canvas data breach Groups Anonymous associated events Anonymous Sudan Berserk Bear BlackCat Clop Cozy Bear DarkMatter DarkSide Dark Storm Team Dridex Ghostwriter GnosticPlayers Guacamaya Hafnium Indian Cyber Force IT Army of Ukraine Killnet Lapsus$ LightBasin LockBit OceanLotus REvil Rhysida Sandworm Sakura Samurai ShinyHunters SiegedSec Vice Society Wizard Spider Individuals Graham Ivan Clark maia arson crimew IntelBroker Kirtaner Major vulnerabilities publicly disclosed SMBGhost (2020) Thunderspy (2020) PrintNightmare (2021) FORCEDENTRY (2021) Log4Shell (2021) Account pre-hijacking (2022) Retbleed (2022) Downfall (2023) LogoFAIL (2023) Reptar (2023) Terrapin (2023) GoFetch (2024) Sinkclose (2024) Copy Fail (2026) Malware Adrozek CovidLock Drovorub Predator BlackLotus Cyclops Blink Pipedream Akira ClickFix Gayfemboy BootKitty

---
Adapted from the Wikipedia article [Scattered Lapsus$ Hunters](https://en.wikipedia.org/wiki/Scattered_Lapsus%24_Hunters) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/Scattered_Lapsus%24_Hunters?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.
