TZUTC: -0500   
   MSGID: 1679.consprcy@1:2320/105 2d71eaa6   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Three of the biggest cybercrime gangs around appear to be teaming up - which   
   could be bad news for all of us   
      
   Date:   
   Wed, 05 Nov 2025 17:04:00 +0000   
      
   Description:   
   Scattered Lapsus$ Hunters are making it official, and joining forces to   
   terrorize organizations everywhere.   
      
   FULL STORY   
      
   Three of the biggest cybercrime gangs around - Scattered Spider, Lapsus$, and   
   ShinyHunters, seem to have officially teamed up into a federated    
   cybercriminal brand.    
      
   While news of the merger has been popping up across the web for months now,   
   security researchers Trustwave recently published new research making the   
   reports of the Scattered Lapsus$ Hunters (SLH) group somewhat official.    
      
   Trustwave said that the alliance formed around August 2025, and operates   
   mainly on Telegram, where it runs public-facing channels. Unlike other groups   
   who use a combination of clearweb and onion websites for data leaks, SLH uses   
   Telegram to promote itself, leak data, and intimidate victims. It uses   
   Extortion-as-a-Service (EaaS), allowing affiliates to use its brand name to   
   scare targets and demand ransoms .   
      
   Acting like hacktivists    
      
   Trustwave said its analysis showed SLH doesnt behave like your usual   
   ransomware group, instead mixing financially motivated cybercrime with   
   attention-seeking, more akin to hacktivists.    
      
   They are using dramatic language, polls, and public taunts against law   
   enforcement - especially the FBI, and the NCA. Still, its main motive remains   
   money, not ideology.    
      
   Technically, the group seems highly skilled, Trustwave further explains, as    
   it conducts credential theft, social engineering, phishing/vishing, zero-day   
   exploitation, and data exfiltration, often targeting cloud and SaaS    
   providers.    
      
   Its not a particularly large group - it counts under five core operators who   
   are mostly from ShinyHunters. Obviously, the members are using multiple    
   online personas to hide their true identities.    
      
   Trustwave concludes that SLH represents a federated or networked criminal   
   brand, which is  a new model where cyber gangs share reputations and    
   audiences for greater impact. Its seen as a sign of professionalization in   
   cybercrime, where branding, visibility, and social performance are as   
   important as technical skill.    
      
   The group also seems to be punching up, looking for high-profile victims,   
   adding no less than Salesforce to its list of alleged victims.    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/three-of-the-biggest-cybercrime-gangs-a   
   round-appear-to-be-teaming-up-which-could-be-bad-news-for-all-of-us   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426