I tried to do a preliminary write-up on what I saw on Scattered Spider's new Telegram Channel.

I would now like to go away for a few days in a spa-like retreat to recover.

My post:
https://databreaches.net/2025/08/09/scattered-spider-has-a-new-telegram-channel-to-list-its-attacks/

#ScatteredSpider #ShinyHunters #Lapsus$ #Salesforce #Snowflake #Google #Mandiant #databreach #infosec #cybersecurity

"Breaking News:" The Scattered Spider kids seem to have opened their own channel on Telegram. Rude, crude, and leaking data already. Some of the redacted screenshots they have posted suggest that they may have had victims that we did not know about already.

(exclusive):

ShinyHunters sent Google an extortion demand; Shiny comments on current activities

In a long chat yesterday, Shiny touched on Google, France, Australia and the Qantas injunction, and the NSA's alleged attempts at voice analysis:

https://databreaches.net/2025/08/08/shinyhunters-sent-google-an-extortion-demand-shiny-comments-on-current-activities/

#ShinyHunters #ScatteredSpider #Salesforce #Google #LVMH #Qantas

@campuscodi @lawrenceabrams @zackwhittaker @euroinfosec @kevincollier

NEW:

Scattered Spider is NOT quiet. They’re just under another name now.

https://databreaches.net/2025/08/05/scattered-spider-is-not-quiet-theyre-just-under-another-name-now/

There seems to be some coordination/integration pains, too.

Are Scattered Spider and ShinyHunters one group or two? And who did France arrest?

It's been a wild weekend here trying to sort out the relationship between #ShinyHunters and #ScatteredSpider. And then, to really blow my mind, I heard from the leader of ShinyHunters (or someone claiming to be him) and no, he's not in prison in France.

If I was trolled, it's absolutely an amazingly good troll. But see what you think.

https://databreaches.net/2025/08/03/are-scattered-spider-and-shinyhunters-one-group-or-two-and-who-did-france-arrest/

#attribution #arrest

@lawrenceabrams @campuscodi
@zackwhittaker

https://www.europesays.com/uk/312166/ Do Not Reset Your Password — FBI Issues Critical New Warning #Business #CISA #CisaWarning #FBIAdvice #FBICybersecurityAdvisory #FBIPassword #FBIPasswordWarning #FBYCybersecurityWarning #Ransomware #ScatteredSpider #UK #UnitedKingdom

The notorious hacker group #ScatteredSpider is aggressively targeting #VMware #ESXi hypervisors in US retail, airline & insurance sectors using advanced social engineering to breach IT help desks & deploy ransomware from the hypervisor layer in just hours! Read more: https://www.bleepingcomputer.com/news/security/scattered-spider-is-running-a-vmware-esxi-hacking-spree/ #CyberSecurity #Ransomware #InfoSec
#newz

Scattered Spider is now hijacking VMware ESXi hypervisors—not with malware, but fake help desk calls.

They impersonate admins, reset passwords, and deploy ransomware directly from the hypervisor.

Google says it's fast, stealthy, and crippling. #RansomwareAttacks #ScatteredSpider https://thehackernews.com/2025/07/scattered-spider-hijacks-vmware-esxi-to.html

#ScatteredSpider is running a #VMware #ESXi hacking spree

https://www.bleepingcomputer.com/news/security/scattered-spider-is-running-a-vmware-esxi-hacking-spree/

#Cybercrime-Bande "#ScatteredSpider": Vier Verhaftungen in Großbritannien | Security https://www.heise.de/news/Cybercrime-Bande-Scattered-Spider-Vier-Verhaftungen-in-Grossbritannien-10483782.html #Lapsus$ #Ransomware #Malware

#UK Charges Four in ‘Scattered Spider’ #Ransom Group

Authorities in the #UnitedKingdom this week arrested four alleged members of “Scattered Spider,” a prolific data theft and #extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer.
#privacy #scatteredspider

https://krebsonsecurity.com/2025/07/uk-charges-four-in-scattered-spider-ransom-group/

Pro basketball player and 4 youths arrested in connection to ransomware crimes https://arstechni.ca/8WGR #scatteredspider #lawenforcement #ransomware #Security #lapsus$ #Biz&IT #crime

Pro basketball player and 4 youths arrested in connection to ransomware crimes - Authorities in Europe have detained five people, including a... - https://arstechnica.com/security/2025/07/pro-basketball-player-and-4-youths-arrested-in-connection-to-ransomware-crimes/ #scatteredspider #lawenforcement #ransomware #security #lapsus$ #biz⁢ #crime

UK Charges Four in ‘Scattered Spider’ Ransom Group

https://krebsonsecurity.com/2025/07/uk-charges-four-in-scattered-spider-ransom-group/

#NationalCrimeAgency #Ne'er-Do-WellNews #OwenDavidFlowers #ScatteredSpider #Marks&Spencer #StarFraudChat #AllisonNixon #ThalhaJubair #Ransomware #Co-opGroup #Earth2Star #MGMCasino #Everlynn #Operator #Asyntax #Harrods #LAPSUS$ #Amtrak #Doxbin #bo764 #fbi

UK Charges Four in ‘Scattered Spider’ Ransom Group - Authorities in the United Kingdom this week arrested four alleged members of “Scat... https://krebsonsecurity.com/2025/07/uk-charges-four-in-scattered-spider-ransom-group/ #nationalcrimeagency #neer-do-wellnews #owendavidflowers #scatteredspider #marks&spencer #starfraudchat #allisonnixon #thalhajubair #ransomware #co-opgroup #earth2star #mgmcasino #everlynn #operator #asyntax #harrods #lapsus$ #amtrak #doxbin #bo764 #fbi

Three teenage males and a young woman hauled away by cops, suspected of hacking huge retailers.

Four youngsters are in custody today, alleged to be the notorious #ScatteredSpider hackers (or at least, some of them). The “loose affiliation” of hackers is suspected of badly disrupting operations at three large retail chains since April.

The four are innocent until proven guilty. In #SBBlogwatch, we channel Sir William Garrow.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: https://securityboulevard.com/2025/07/arrests-scattered-spider-richixbw/

Even more arrests! Reuters reports:

Four people have been arrested as part of a police investigation into cyberattacks that disrupted the operations of retailers Marks & Spencer, the Co-op and Harrods, Britain's National Crime Agency said.

The cyberattack on M&S was the most serious, costing it about 300 million pounds ($409 million) in lost operating profit.

The NCA said two males aged 19, another aged 17, and a 20-year-old female were apprehended in the West Midlands, central England, and London on Thursday on suspicion of Computer Misuse Act offences, blackmail, money laundering and participating in the activities of an organised crime group.

More at https://www.reuters.com/business/retail-consumer/uk-police-arrest-four-connection-with-ms-co-op-cyberattacks-2025-07-10/

M&S head Archie Norman won’t say if he authorized #DragonForce #ransomware hacker payday.

British shopping titan M&S is still dealing with the mess caused by April’s #ransomware attack. There’s at least three months more work ahead says the firm’s chairman, Archie Norman (pictured).

But there are persistent rumors M&S paid #ScatteredSpider’s ransom demand. In #SBBlogwatch, Norman will neither confirm nor deny.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: https://securityboulevard.com/2025/07/marks-spencer-archie-norman-ransom-richixbw/