Scattered LAPSUS$ Hunters Demand $989M to Stop Salesforce Data Leak
A cyber gang, now calling itself Scattered LAPSUS$ Hunters, has reemerged with a massive extortion threat targeting Salesforce. The group is demanding $989 million to prevent around a billion customer records from appearing online.
The group, previously known as Scattered LAPSUS$ Hunters, has a background connected to the Hive group. They have rebranded as Hunters International, active since 2023, and shifted their tactics towards data theft and extortion under the new name 'World Leaks'.
Both Google and Salesforce have advised organizations to bolster their security measures. The recommendations include limiting Data Loader use, strictly controlling connected apps, implementing IP-based access restrictions, and enforcing mandatory multi-factor authentication.
A second group, UNC6240, is approaching victims months after the original breach, claiming to be part of ShinyHunters. This renewed threat is linked to the UNC6040 group, known for telephone social engineering attacks, or vishing.
Salesforce has not found evidence of its own platform being hacked. However, Google Threat Intelligence Group (GTIG) reports that Google's internal Salesforce environment was targeted in a similar attack in June. Despite arrests and previous promises to stop, financially motivated cyber groups like Scattered LAPSUS$ Hunters continue to pose significant threats.