• Home
  • News
  • ShinyHunters Got Targeted by the FBI

ShinyHunters Got Targeted by the FBI

Bogdan Pătru

By Bogdan Pătru . 16 June 2024

Tech Writer

Miklos Zoltan

Fact-Checked this

ShinyHunters have announced that they’ve been targeted by the FBI recently. The FBI worked in conjunction with ICANN (Internet Corporation for Assigned Names and Numbers) to seize the organization’s domain names and assets.

  • According to the most recent reports, the FBI managed to identify and arrest the organization’s administrator, called Baphomet
  • ShinyHunters is a veteran in the ransomware sphere, working as a black-hat organization since 2020
  • The gang is an atypical ransomware actor, being involved in numerous other cybercriminal activities
  • The FBI’s efforts didn’t manage to dissolve the gang, but it did inflict serious damage to its structure

Technically speaking, ShinyHunters isn’t listed as a ransomware organization. Practically, it operates similarly to one. The hackers usually target high-profile organizations and steal data for their own gains.

Some of the most notable victims include:

  • Microsoft / May, 2020 – The hackers stole 500 GB-worth of source code, 1 GB of which was published on a hacking forum.
  • Pixlr / January, 2021 – Approximately 1.9 million data, pertaining to just as many users, got leaked on a hacking forum, following a ShinyHunters operation.
  • AT&T Wireless / 2021 – ShinyHunters got the personal information of over 70 million subscribers. This included phone numbers, addresses, and social security numbers. AT&T Wireless only admitted to the breach in 2024.
  • Santander / May, 2024 – ShinyHunters breached Santander and stole the personal information of all the staff plus 30 million customers spread across Spain, Uruguay, and Chile.
X showing the Shiny Hunters attack on the forum

To be noted, not all of ShinyHunters’ hits have been confirmed. The gang is known to often boast with unconfirmed breaches to increase their reputation and fear factor. There are numerous unconfirmed operations to this day.

ShinyHunters appears to be financially motivated, selling much of the stolen data on hacking forums. In other cases, the hackers keep some of the data for later use.

What Did the FBI Achieve?

According to the latest reports, the FBI managed to arrest the organization’s administrator, Baphomet. This allowed the feds to gain access to the organization’s database, ultimately leading to the seizure of all the gang’s domain names.

ShinyHunters admitted to the facts in their public post, while mocking the FBI and NiceNIC for mismanaging the situation. According to the hackers, they managed to trick NiceNIC into pointing the DNS to their own servers.

This allowed BreachForums to replace the seizure banners with a link to the organization’s own Telegram group. So, despite the FBI’s efforts, ShinyHunters is apparently still in the game.

This is concerning, given the group’s influence, resourcefulness, and capabilities. With the administrator out of the picture, it’s expected that the gang’s activity will slow down for a while. But it’s also expected that they will be back in business shortly.

Unless, of course, the FBI decides to ramp things up and open up a new operation. This seems more likely to be the case, given that the FBI is constantly targeting cybercriminal actors. Some of them multiple times over short periods of time.

We’ll monitor the situation.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment