Scattered LAPSUS$ Hunters Ransomware Group Claims New Victims on New Website
- Daily Dark Web - dailydarkweb.net October 3, 2025 The newly formed cybercrime alliance, โScattered LAPSUS$ Hunters,โ has launched a new website detailing its claims of a massive data breach affecting Salesforce and its extensive customer base. This development is the latest move by the group, a notorious collaboration between members of the established threat actor crews ShinyHunters, Scattered Spider, and LAPSUS$. On their new site, the group is extorting Salesforce directly, threatening to leak nearly one billion records with a ransom deadline of October 10, 2025. This situation stems from a widespread and coordinated campaign that targeted Salesforce customers throughout mid-2025. According to security researchers, the attacks did not exploit a vulnerability in Salesforceโs core platform. Instead, the threat actors, particularly those from the Scattered Spider group, employed sophisticated social engineering tactics. The primary method involved voice phishing (vishing), where attackers impersonated corporate IT or help desk staff in phone calls to employees of target companies. These employees were then manipulated into authorizing malicious third-party applications within their companyโs Salesforce environment. This action granted the attackers persistent access tokens (OAuth), allowing them to bypass multi-factor authentication and exfiltrate vast amounts of data. The alliance has now consolidated the data from these numerous breaches for this large-scale extortion attempt against Salesforce itself. The website lists dozens of high-profile Salesforce customers allegedly compromised in the campaign. The list of alleged victims posted by the group includes: Toyota Motor Corporations (๐ฏ๐ต): A multinational automotive manufacturer. FedEx (๐บ๐ธ): A global courier delivery services company. Disney/Hulu (๐บ๐ธ): A multinational mass media and entertainment conglomerate. Republic Services (๐บ๐ธ): An American waste disposal company. UPS (๐บ๐ธ): A multinational shipping, receiving, and supply chain management company. Aeromรฉxico (๐ฒ๐ฝ): The flag carrier airline of Mexico. Home Depot (๐บ๐ธ): The largest home improvement retailer in the United States. Marriott (๐บ๐ธ): A multinational company that operates, franchises, and licenses lodging. Vietnam Airlines (๐ป๐ณ): The flag carrier of Vietnam. Walgreens (๐บ๐ธ): An American company that operates the second-largest pharmacy store chain in the United States. Stellantis (๐ณ๐ฑ): A multinational automotive manufacturing corporation. McDonaldโs (๐บ๐ธ): A multinational fast food chain. KFC (๐บ๐ธ): A fast food restaurant chain that specializes in fried chicken. ASICS (๐ฏ๐ต): A Japanese multinational corporation which produces sportswear. GAP, INC. (๐บ๐ธ): A worldwide clothing and accessories retailer. HMH (hmhco.com) (๐บ๐ธ): A publisher of textbooks, instructional technology materials, and assessments. Fujifilm (๐ฏ๐ต): A multinational photography and imaging company. Instructure.com โ Canvas (๐บ๐ธ): An educational technology company. Albertsons (Jewel Osco, etc) (๐บ๐ธ): An American grocery company. Engie Resources (Plymouth) (๐บ๐ธ): A retail electricity provider. Kering (๐ซ๐ท): A global luxury group that manages brands like Gucci, Balenciaga, and Brioni. HBO Max (๐บ๐ธ): A subscription video on-demand service. Instacart (๐บ๐ธ): A grocery delivery and pick-up service. Petco (๐บ๐ธ): An American pet retailer. Puma (๐ฉ๐ช): A German multinational corporation that designs and manufactures athletic footwear and apparel. Cartier (๐ซ๐ท): A French luxury goods conglomerate. Adidas (๐ฉ๐ช): A multinational corporation that designs and manufactures shoes, clothing, and accessories. TripleA (aaa.com) (๐บ๐ธ): A federation of motor clubs throughout North America. Qantas Airways (๐ฆ๐บ): The flag carrier of Australia. CarMax (๐บ๐ธ): A used vehicle retailer. Saks Fifth (๐บ๐ธ): An American luxury department store chain. 1-800Accountant (๐บ๐ธ): A nationwide accounting firm. Air France & KLM (๐ซ๐ท/๐ณ๐ฑ): A major European airline partnership. Google Adsense (๐บ๐ธ): A program run by Google through which website publishers serve advertisements. Cisco (๐บ๐ธ): A multinational digital communications technology conglomerate. Pandora.net (๐ฉ๐ฐ): A Danish jewelry manufacturer and retailer. TransUnion (๐บ๐ธ): An American consumer credit reporting agency. Chanel (๐ซ๐ท): A French luxury fashion house. IKEA (๐ธ๐ช): A Swedish-founded multinational group that designs and sells ready-to-assemble furniture. According to the actor, the breach involves nearly 1 billion records from Salesforce and its clients. The allegedly compromised data includes: Sensitive Personally Identifiable Information (PII) Strategic business records that could impact market position Data from over 100 other demand instances hosted on Salesforce infrastructure
