Financial Services Brace for Potential Cyberattacks from ShinyHunters Hackers

In a recent development, threat intelligence firm ReliaQuest has revealed that the notorious ShinyHunters group could soon target financial services firms, following a 12% increase in domain registrations targeting financial companies since July 2025.

This shift in focus is significant, as the ShinyHunters group has been responsible for a series of data breaches affecting companies in the fashion and aviation sectors. The group's activities typically involve vishing for logins to Salesforce accounts and tricking victims into downloading a malicious app.

According to ReliaQuest, the ongoing ShinyHunters data extortion campaign has been linked to Google, and the domains used by the group match the same format as those used by the Scattered Spider collective. This similarity suggests that the two groups may be connected. However, it's important to note that the individuals behind the security risk "The Com" have not been publicly identified, and there is no confirmed connection between them and the hacker groups ShinyHunters or Scattered Spider.

Interestingly, while there has been a decrease of 5% in targeting of technology firms, the targeting of financial companies has increased. This shift in targets suggests that financially motivated groups like ShinyHunters are prioritizing banks, insurance companies, and financial services.

In an effort to help corporate security teams stay vigilant, ReliaQuest advises focusing on tactics, techniques, and procedures (TTPs) rather than attribution when trying to avoid becoming a victim. The firm emphasizes that tracking the behavioral patterns and evolving TTPs behind these campaigns is more valuable than focusing solely on indicators of compromise (IOCs) or attribution.

Understanding the fluid and persistent threat landscape is critical for security leaders to anticipate future attacks and make informed decisions about security strategy and resource allocation. As the ShinyHunters group continues its data extortion campaign, it's essential for businesses to stay informed and take the necessary precautions to protect their sensitive data.