A well-known English-speaking hacking group has launched a website to extort its victims, threatening to release around a billion records from companies that store customer data in a cloud database hosted by Salesforce.
The loosely organized group, known as Lapsus$, Scattered Spider, and ShinyHunters, has published a dedicated data leak site on the dark web, called Scattered Lapsus$ Hunters.
The website, first discovered by threat intelligence researchers on Friday and seen by TechCrunch, aims to pressure victims into paying the hackers to prevent their stolen data from being published online.
“Please contact us to regain control over data governance and prevent data from being published,” reads the site. “Do not enter the next heading. All communications require strict verification and will be processed at discretion.”
Over the past few weeks, the ShinyHunters gang has allegedly hacked dozens of well-known companies by infiltrating their cloud-based databases hosted by Salesforce.

Insurance giant Allianz Life, Google, fashion conglomerate Kering, airline Qantas, carmaking giant Stellantis, credit bureau TransUnion, and employee management platform Workday have confirmed that their data was stolen in these mass hacks.
The hackers' leak site lists several alleged victims, including FedEx, Hulu (owned by Disney), and Toyota Motors.
It is not clear whether companies known to have been hacked but not listed on the group's leak site have paid a ransom to the hackers to prevent their data from being released. When reached by TechCrunch, a representative for ShinyHunters said “there are many other companies that are not listed,” but declined to give a reason.
At the top of the site, the hackers mention Salesforce, demanding that the company negotiate a ransom, otherwise “all customers [sic] data will be leaked.” The tone of the message suggests that Salesforce has not yet engaged with the hackers.
Salesforce spokesperson Nicole Aranda provided a link to the company’s statement, which noted that the company is “aware of recent attempts by threat actors to fear tor.”
“Our findings indicate that these attempts are related to past or unfounded cases, and we continue to provide support to impacted customers,” the statement reads. “At this point, there is no indication that the Salesforce platform has been compromised, nor that this activity is related to known vulnerabilities in our technology.”
Aranda did not immediately answer TechCrunch’s questions about the incident.
For weeks, security researchers have speculated that the group, which was historically publicly available online, had planned to publish a data leak website to extort its victims.
Historically, such websites have often been associated with Russian-speaking ransomware gangs. Over the past few years, these organized cybercriminal groups have evolved from stealing and encrypting victim data and privately seeking a ransom to threatening to publish the stolen data online unless they are paid.
Updated with comments from ShinyHunters and comments from Salesforce.