shinyhunters
Intelligence Profile
ShinyHunters is a financially motivated data-theft and extortion group active since 2020, responsible for high-profile breaches including Ticketmaster (via Snowflake) and PowerSchool; by 2025 they launched a RaaS offering called "shinysp1d3r," and in August 2025 French authorities arrested four members.
Threat Analysis
shinyhunters is a ransomware operation that deploys encryption-based extortion against organizations globally. This group maintains a data leak site (DLS) to pressure victims into paying ransom demands.
Financially motivated threat actors like shinyhunters prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.
Known Campaigns
Shinyhunters is conducting an active ransomware campaign targeting organizations across 1 country. Primary targets: Business Services, Consumer Services, Education. 34 confirmed victims recorded in the last 45 days. Campaign status: ACTIVE (last activity 11 Apr 2026).