
How ShinyHunters Infiltrated Google, Adidas, Louis Vuitton, and Other Brands

A sophisticated, ongoing attack campaign ran throughout 2025 and compromised major corporations such as Google, Adidas, and Louis Vuitton, among others. This comprehensive technical analysis highlights how the notorious cybercriminal group ShinyHunters, in apparent collaboration with Scattered Spider, executed one of the most effective social engineering campaigns targeting Salesforce Customer Relationship Management (CRM) platforms. The campaign marked a significant evolution in attack sophistication, merging traditional voice phishing techniques with advanced OAuth abuse and API exploitation. This combination enabled the attackers to achieve persistent access and large-scale data exfiltration across multiple industry sectors. Google’s Threat Intelligence Group (GTIG) tracks the current campaign activities under the designations UNC6040 for initial compromise activities and UNC6240 for extortion operations, although the operators consistently assert their affiliation with the ShinyHunters brand.

ShinyHunters emerged in 2020 as a financially motivated cybercriminal group, initially focused on credential theft and database exploitation. The group gained notoriety through high-profile data breaches affecting major platforms, including Tokopedia, Microsoft GitHub, and AT&T. Beyond data theft, ShinyHunters established itself as a key player in the cybercriminal ecosystem by administering popular hacking forums, including various incarnations of BreachForums. Following the arrests of several alleged members in June 2024, ShinyHunters remained relatively inactive until its dramatic resurgence in June 2025, showcasing fundamentally transformed tactics, techniques, and procedures (TTPs). Compelling circumstantial evidence suggests active collaboration between ShinyHunters and Scattered Spider, a sophisticated English-speaking cybercriminal collective known for its social engineering expertise. This collaboration is supported by indicators such as tactical convergence, shared infrastructure characteristics, and attribution evidence from BreachForums.
