The cyber-extortion group Scattered Lapsus$ Hunters (SLSH) is being dismantled, according to public announcements from the user sevy (@meowsevy). The announcement follows the arrest of several of the group’s administrators.
Scattered Lapsus$ Hunters is a high-profile cybercrime alliance that combines members and tactics from the notorious groups Scattered Spider, Lapsus$, and ShinyHunters. The group is known for large-scale, identity-centric attacks, specializing in sophisticated social engineering and “vishing” (voice phishing) to compromise IT help desks and bypass multi-factor authentication.
The alliance gained infamy for its massive 2025 extortion campaign targeting Salesforce customers. This campaign, which abused OAuth tokens to exfiltrate data, impacted numerous global corporations. High-profile victims of the SLSH alliance include Google, Cisco, Adidas, Qantas, Allianz, LVMH (Louis Vuitton, Dior), and FedEx, among many others.
According to sevy, the arrests, which reportedly include the high-profile actor Shiny, stem directly from the group doxxing federal agents. This action is said to have provoked a significant response from law enforcement. Sevy further alleged that the doxxed information was highly sought after, claiming that Mexican cartels had offered to pay a substantial sum of money to acquire it.
In subsequent posts, sevy confirmed the group’s permanent dissolution. The user noted that despite demand for a new SLSH iteration, one would not be formed due to the law enforcement action against its leadership. Sevy concluded the announcement by declaring that this era comes to an end.
