FBI Seizes Public Domain Linked to Scattered LAPSUS$ Hunters, Disrupting Cybercrime Messaging Network

In a significant escalation against cyber extortion networks, the FBI has seized a public-facing domain associated with the Scattered LAPSUS$ Hunters, a hacking alliance tied to multiple global data breaches. The domain, which was used for leaking stolen data and issuing ransom threats, was taken offline as part of a coordinated international law enforcement effort.


🔒 Why the Seizure Matters

  • Crippling public outreach
    The domain was one of the group’s rare “clear web” channels, allowing them to publish stolen data and taunt victims. Its removal disrupts their visibility and psychological leverage in ongoing extortion campaigns.
  • Shift in law enforcement tactics
    Traditionally, actions against such groups target dark web infrastructure. The FBI’s move onto the open internet reflects a strategic pivot—disrupting cybercriminals’ public influence and recruitment capabilities.
  • A blow to credibility
    Without its official leak site, Scattered LAPSUS$ Hunters faces credibility challenges among its followers and dark web peers, potentially undermining its reputation as a major player in data extortion.

🧠 Who Are the Scattered LAPSUS$ Hunters?

This collective, believed to be a spinoff of the original LAPSUS$ and Scattered Spider groups, operates with a mix of credential theft, SIM swapping, OAuth abuse, and social engineering. Their attacks target cloud service providers, major SaaS firms, and government agencies.

Recently, the group claimed responsibility for Salesforce-related data thefts, alleging access to hundreds of corporate accounts and customer datasets. Investigators have linked the group to previous breaches targeting tech and telecom giants.


⚠️ What Happens Next

  • Domain migration likely — The group may pivot to new or encrypted hosting to continue operations.
  • Corporate vigilance required — Organizations are urged to review access policies, MFA security, and OAuth permissions.
  • Broader crackdown imminent — Analysts expect similar takedowns targeting related extortion networks and data-leak platforms.

🧭 The Bigger Picture

This domain seizure underscores an evolving reality: cybercrime is no longer confined to the shadows. As hacker collectives exploit the open web for publicity, authorities are extending their jurisdiction beyond the dark net — transforming the global fight against cyber extortion.

