Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireCybersecurity News

ShinyHunters threat group makes their return

Shinyhunters Digital Shadows

Wayback Machine’s evidence of ShinyHunters defacing HackForums. Image courtesy of Digital Shadows

August 27, 2021

ShinyHunters, a financially motivated threat group that emerged in May 2020, has made their return to push a trove of data allegedly stolen from U.S. telecommunications company AT&T, according to Digital Shadows, who could not independently verify the integrity of ShinyHunters’ claims. 

In a new report, The Eeveelution of ShinyHunters: From Data Leaks to Extortions, Digital Shadows retraces their steps and analyzes the threat group’s origin and how they evolved over the past months.

Primarily active on criminal forums, ShinyHunters first emerged in 2020, advertising 91M Tokopedia user records on the Empire Market dark web marketplace. Digital Shadows observed them engaging in the sale and disclosure of data sets obtained from organizations within various sectors, including education, media and technology. Additionally, the group has progressively moved from selling breached data to exposing it for free, thus contributing to its wide popularity among other cybercriminals.

The threat group, according to the Digital Shadows Photon Research Team, has maintained a low level of activity since July 2020, with extensive periods of inactivity that lasted between one or two months and usually followed by a surge of victims being posted on criminal forums. Taking periods of general inactivity is not an uncommon theme within cybercriminals, and typically, these periods are a moment to improve or develop new products and moments of high activity below the surface.

In 2020, the threat group was the protagonist of attacks against rival criminal forum Hackforums when they defaced their website and replaced its material with Pokemon references. Later that month, ShinyHunters also updated their Raidforums bio to brag about that defacement, Digital Shadows reports. 

Undoubtedly a very respected and well-known threat actor in the cybercriminal scene, security researchers have highlighted that ShinyHunters has not been able to amass a great fortune compared to other cybercriminal activities. However, recently, the group has evolved its tactics to include extortion attempts and data breaches, likely due to ransomware gangs’ skyrocketing revenue. 

Now, ShinyHunters are extorting victims that they have successfully infiltrated, especially those within the U.S., putting their data up for auction. This strategy closely aligns with extortion-based threat actors, specifically ransomware groups who exfiltrate data and threaten to expose data unless the victim pays a ransom, the Photon Research Team says. In case you’d need a refresher on how ransomware groups conduct these attacks, here’s Digital Shadows’ Q2 ransomware roll-up.

On Aug. 17, 2021, the group created a post offering data sale for the American telecommunications company AT&T titled “AT&T Database +70M (SSN/DOB)” in an English-language cybercriminal forum. The group put the stolen data up for auction in this post, marking the first time they publicly auctioned data. The auction was initially priced at $200,000 for the starting bid, $30,000 for subsequent offers, and $1,000,000 for the blitz price to bypass the auctions process.

Many users replied to the post expressing interest in the offering, stating that they plan to wait until ShinyHunters leaks it for free (which ShinyHunters has traditionally done after having sold the original data for a while). However, things seem different this time as the threat group replied on the same day, stating that they won’t be leaking the data for free if it is sold.

At the time of writing, the original post has allegedly been deleted by the forum moderators. Security researchers initially imagined this removal confirmed AT&T claims that the data auctioned did not come from their systems. However, according to ShinyHunter’s good friend and known threat actor “pompompurin,” the forum moderators removed the post because it included social security numbers - a practice banned on that forum. 

At the time of writing, Digital Shadows could not corroborate independently whether the auctioned data actually belongs to AT&T. It could well be a P.R. stunt by ShinyHunters. Or, it is also possible that the threat group successfully managed to infiltrate and extract sensitive data from AT&T. “It certainly wouldn’t be the first time a compromised organization denies being breached before admitting it a few weeks later,” Digital Shadows says.

ShinyHunters have proved to be a careful threat actor, focused on developing tactics to build a well-respected persona in the cybercriminal space. Their transition to extortion-based attacks highlights the group’s wish to adapt its tactics and expand revenue streams. Overall, having gained the community's support by sharing troves of data for free, it’s highly likely we’ll eventually hear again from this unique threat group, the Photon Research Team says.

KEYWORDS: cyber security ransomware risk management threat assessment

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • surveillance camera freepik

    US firms repurposing their existing video monitoring systems to support return to the workplace

    See More
  • cloud-data-backup-freepik

    49% of employees still use their personal computers for work as hybrid landscape intensifies enterprise cyber threat

    See More
  • surveillance  data

    Threat group abuses cloud services, targets semiconductor companies, airline industry

    See More

Related Products

See More Products
  • threat and detection.jpg

    Surveillance and Threat Detection

  • Physical-Security-and-Envir.gif

    Physical Security and Environmental Protection

See More Products

Events

View AllSubmit An Event
  • May 22, 2012

    Teleconference: Business Continuity Best Practices Group

    Join this collection of security practitioners and become part of the next generation of business continuity and crisis management program development.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!