ShinyHunters Calling: Financially Motivated Data Extortion Group Targeting Enterprise Cloud Applications
ID: 21ae975a-1d8a-5ac1-b001-c0ecbbc80bfe
STIX ID: report--21ae975a-1d8a-5ac1-b001-c0ecbbc80bfe
Feed Name: EclecticIQ
EclecticIQ attributes a coordinated eCrime campaign to the ShinyHunters group (led by the persona ShinyCorp). The campaign combines AI-driven vishing (outsourced to Scattered Spider and The Com affiliates), insider recruitment, phishing of SSO/Okta and Salesforce, exploitation of Oracle Access Manager (CVE-2021-35587), and theft of BrowserStack API keys to enable CI/CD and supply-chain compromise. The group is actively extorting victims with multi-million-dollar data sale demands, shares indicators (IPs, domains, hashes, wallet addresses), and is developing a RaaS variant targeting VMware ESXi environments.
