Threat Group Profile
shinyhunters
โ Active โ last 30 days
Victim claims
52
First seen
Nov 2023
Last activity
01 Jul 2026
Tracked since
Oct 2025
Group overview
ShinyHunters is a financially motivated data-theft and extortion group active since 2020, responsible for high-profile breaches including Ticketmaster (via Snowflake) and PowerSchool; by 2025 they launched a RaaS offering called "shinysp1d3r," and in August 2025 French authorities arrested four members.
Preferred targets
Education ยท 10
Business Services ยท 9
Consumer Services ยท 7
Financial Services ยท 6
Technology ยท 4
Healthcare ยท 4
Most targeted countries
US ยท 41
FR ยท 1
GB ยท 1
NL ยท 1
CO ยท 1
SG ยท 1
Tactics & techniques (MITRE ATT&CK)
Initial Access
Unsecured Credentials: Private Keys
Phishing: Spearphishing Voice (Vishing)
Defense Evasion
Use Alternate Authentication Material: Application Access Token
Collection
Data from Information Repositories
Exfiltration
Exfiltration Over Web Service
Impact
Data Encrypted for Impact
Reconnaissance
Phishing for Information: Spearphishing Attachment