Threat Group Profile
shinyhunters
β Active β last 30 days
Victim claims
52
First seen
Nov 2023
Last activity
01 Jul 2026
Tracked since
Oct 2025
Group overview
ShinyHunters is a financially motivated data-theft and extortion group active since 2020, responsible for high-profile breaches including Ticketmaster (via Snowflake) and PowerSchool; by 2025 they launched a RaaS offering called "shinysp1d3r," and in August 2025 French authorities arrested four members.
Preferred targets
Education Β· 10
Business Services Β· 9
Consumer Services Β· 7
Financial Services Β· 6
Technology Β· 4
Healthcare Β· 4
Most targeted countries
US Β· 41
FR Β· 1
GB Β· 1
NL Β· 1
CO Β· 1
SG Β· 1
Tactics & techniques (MITRE ATT&CK)
Initial Access
Unsecured Credentials: Private Keys
Phishing: Spearphishing Voice (Vishing)
Defense Evasion
Use Alternate Authentication Material: Application Access Token
Collection
Data from Information Repositories
Exfiltration
Exfiltration Over Web Service
Impact
Data Encrypted for Impact
Reconnaissance
Phishing for Information: Spearphishing Attachment