ShinyHunters Got Targeted by the FBI

By Bogdan Pătru, Tech Writer. 16 June 2024

Fact-checked by Miklos Zoltan

ShinyHunters have announced that they’ve been targeted by the FBI recently. The FBI worked in conjunction with ICANN (Internet Corporation for Assigned Names and Numbers) to seize the organization’s domain names and assets.

  • According to the most recent reports, the FBI managed to identify and arrest the organization’s administrator, known as Baphomet.
  • ShinyHunters is a veteran in the ransomware sphere, working as a black-hat organization since 2020.
  • The gang is an atypical ransomware actor, being involved in numerous other cybercriminal activities.
  • The FBI’s efforts didn’t manage to dissolve the gang, but they did inflict serious damage on its structure.

Technically speaking, ShinyHunters isn’t listed as a ransomware organization. In practice, it operates similarly to one. The hackers usually target high-profile organizations and steal data for their own gain.

Some of the most notable victims include:

  • Microsoft / May 2020 – The hackers stole 500 GB worth of source code, 1 GB of which was published on a hacking forum.
  • Pixlr / January 2021 – Approximately 1.9 million records, pertaining to just as many users, were leaked on a hacking forum following a ShinyHunters operation.
  • AT&T Wireless / 2021 – ShinyHunters obtained the personal information of over 70 million subscribers. This included phone numbers, addresses, and social security numbers. AT&T Wireless only admitted to the breach in 2024.
  • Santander / May 2024 – ShinyHunters breached Santander and stole the personal information of all the staff plus 30 million customers spread across Spain, Uruguay, and Chile.

X post showing the ShinyHunters attack on the forum: https://x.com/FalconFeedsio/status/1801870566321963258

Note that not all of ShinyHunters’ hits have been confirmed. The gang is known to boast about unconfirmed breaches to boost its reputation and fear factor. Numerous claimed operations remain unconfirmed to this day.

ShinyHunters appears to be financially motivated, selling much of the stolen data on hacking forums. In other cases, the hackers keep some of the data for later use.

What Did the FBI Achieve?

According to the latest reports, the FBI managed to arrest the organization’s administrator, Baphomet. This allowed the feds to gain access to the organization’s database, ultimately leading to the seizure of all the gang’s domain names.

ShinyHunters admitted to the facts in their public post, while mocking the FBI and NiceNIC for mismanaging the situation. According to the hackers, they managed to trick NiceNIC into pointing the DNS to their own servers.

This allowed BreachForums to replace the seizure banners with a link to the organization’s own Telegram group. So, despite the FBI’s efforts, ShinyHunters is apparently still in the game.

This is concerning, given the group’s influence, resourcefulness, and capabilities. With the administrator out of the picture, it’s expected that the gang’s activity will slow down for a while. But it’s also expected that they will be back in business shortly.

Unless, of course, the FBI decides to ramp things up and open a new operation. This seems more likely to be the case, given that the FBI is constantly targeting cybercriminal actors, some of them multiple times over short periods of time.

We’ll monitor the situation.
