ShinyHunters is a cybercriminal group that first emerged around 2020, motivated by financial gain through large-scale data breaches, theft of databases, and extortion of victims, operating globally and evolving their tactics from data leaks to more sophisticated social engineering and supply-chain attacks.

Breach Forums
BreachForums was a notorious hacking and data-leak marketplace operating on the dark web and clear web. It served as one of the largest public platforms for sharing, selling, and trading stolen data, leaked databases, and hacking tools.
https://telemetr.io/es/channels/2871886943-Urm9oSCMH9hmNTI1

 

 

 

After BreachForums’ original founder was arrested, the ShinyHunters group publicly took over and helped run/relaunch the forum. 
The forum website used DDoS-Guard’s service operated by Evgeniy Marchenko (ru.linkedin[.]com/in/evgeniy-marchenko-5a8447204) from Rostov, Vyatskaya str|55/4-11, Russian Federation, mobile number +7928797045.

Recently the FBI seized some of their domains:

https://x.com/FBI/status/1977464345651982491

 

 

ShinyHunters Arrested and Brought to Trail

A French citizen, Sébastien Raoult (https://fr.linkedin.com/in/sebastienraoult) aka “Sezyo Kaizen”, was arrested in Morocco in 2022, extradited to the U.S., and in January 2024 was sentenced to three years in prison for conspiracy to commit wire-fraud and aggravated identity theft.

https://france3-regions.franceinfo.fr/grand-est/vosges/sebastien-raoult-hacker-des-vosges-interpelle-par-la-police-a-son-retour-en-france-3071194.html 

 

 

On 25 June 2025, French authorities announced the arrest of four individuals in their 20s, suspected to be key members or administrators connected to ShinyHunters and the forum BreachForums.

https://flashpoint.io/blog/usa-vs-sebastien-raoult-et-al

 

 

Extorsion and Continues Pressure Tactics

ShinyHunters have used several pressure tactics aimed at extracting payment or concessions from victims.

• The group employes financial extortion and ransom demands, with strict deadlines. Payment is requested over BTC

“Bitcoin: bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh (Active collection wallet. Consolidates small deposits before sending to mixer.)”

• Public data leaks and reputational damage

The group constantly collect OSINT on its victims:

“We have a new offer for everyone. You are to conduct OSINT on C-suites executives on each company listed on our DLS. Your objective is to find more emails of these executives and do the same task, email them, endlessly, harass them, etc. The reward for this task is set to a minimum of 100$. If you do a good and/or exceptionally well job at gathering emails for each executive at each company, and then emailing them endlessly you will be rewarded much more, monetarily. Thank you, SLH/SLSH Operations Centre.”

Upon OSINT research, ShinyHunters encourage group members to harass victims:

“All these emails we provided here will likely be dead, inactive, what ever quite soon. So it's up to you to find more emails of the companies C-Suites/executives (CEO CSO CLO CMO CFO CISO CTO COO CIO CDO CPO etc) that are listed on the DLS. Work and PERSONAL EMAILS. Email them, show us proof, etc, get paid.”

The above quotes were taken from the Group’s secret channel.

Summary

ShinyHunters is a notorious and evolving cyber-criminal threat actor.
If you happen to be a victim, call Law Enforcement, report the group and do NOT be intimidated and Hold your ground against extortion demands.
Some have been arrested, but the work isn’t finished yet!

#ReportShinyHunters  #BreachForums #SLSH #FBI #ShinyHunters