March 13, 2026

Please Don’t Feed the Scattered Lapsus ShinyHunters

Scattered Lapsus ShinyHunters (SLSH) uses a very aggressive style of extortion that goes beyond ordinary “pay us or we leak data” tactics. According to Krebs, the group steals internal data, then pressures victims by harassing executives, threatening families, launching email floods and DDoS attacks, and even using swatting to trigger armed police responses at people’s homes. The piece says SLSH often gets in through social engineering, including phone-based phishing where attackers pretend to be IT staff, trick employees into entering credentials and MFA codes on fake company-branded sites, and then register their own devices for MFA access.

The main takeaway is that victims should not negotiate or keep engaging with the group beyond a clear refusal to pay. Krebs, citing security researcher Allison Nixon and Unit 221B, argues that SLSH is unreliable, chaotic, and tied to “The Com” online crime ecosystem, where internal feuds and unstable behavior make promises meaningless. Even if a company pays, there is no real reason to trust the attackers to delete stolen data or stop abusing the victim. The article says the harassment may be intense, but giving the group continued attention or entering long negotiations can actually encourage more pressure, so organizations should treat the data loss and the harassment as separate issues and avoid paying just to make the intimidation stop.

Source: https://krebsonsecurity.com/2026/02/please-dont-feed-the-scattered-lapsus-shiny-hunters/
