📊 Full opportunity report: ShinyHunters · The New APT Model. on ThorstenMeyerAI.com — validation score, market gap, and execution plan.

TL;DR

ShinyHunters has transitioned from a database theft group to a sophisticated, AI-enabled, extortion-focused collective operating as a scalable threat actor. This new model challenges traditional security defenses and requires updated threat frameworks.

Cybersecurity researchers have confirmed that ShinyHunters, the notorious hacking collective, has evolved into a new operational model characterized by AI-enabled tactics, a brand-like collective structure, and a scalable extortion-based revenue system. This shift marks a significant departure from their previous database theft activities and signals a broader threat landscape for enterprises worldwide, similar to the risks discussed in The $9 Billion Signature Tax.

Since its emergence in 2020, ShinyHunters has been linked to over 400 breaches, including high-profile incidents such as the breaches of Snowflake, Salesforce, and educational institutions. The group’s operational scope has grown from opportunistic SQL injection and database exfiltration to a multi-era evolution involving credential stuffing, SaaS abuse, and now, AI-powered extortion campaigns.

Recent campaigns, such as the Vercel/Context.ai breach and ongoing educational institution extortions, demonstrate a shift toward a structured, scalable threat model. Researchers note that the group now operates as a distributed collective, functioning as a brand with affiliate programs and a monetization architecture that includes direct extortion, data sales, and crowd-sourced victim pressure campaigns. An essential feature of this new model is the use of AI-enabled voice phishing (vishing) as the primary access vector, significantly increasing operational efficiency and scale.

ShinyHunters · The New APT Model.

DISPATCH / MAY 2026 SECURITY · SHINYHUNTERS · THE NEW APT MODEL · PART 5

▲ Part 5 · Security New APT Model · May 2026

Software Security · Part 5 · ShinyHunters · The New APT Model

ShinyHunters.
The new APT model.

Q: How has ShinyHunters' operational model changed since 2020?

The group has evolved from opportunistic database theft to a scalable, AI-enabled extortion collective with a brand-like structure, affiliate programs, and diversified revenue streams, including data sales and victim pressure campaigns.

Q: What role does AI play in ShinyHunters' current tactics?

AI is primarily used for voice phishing (vishing) attacks, enabling social engineering at scale, increasing operational efficiency, and expanding their attack surface.

Q: Why is this evolution significant for enterprise security?

This new model introduces more persistent, scalable, and socially engineered attacks, requiring organizations to rethink their defenses beyond traditional perimeter security and technical vulnerabilities.

Q: Are law enforcement actions effective against this new model?

While targeted law enforcement actions have disrupted some operations, the collective’s distributed and brand-based structure makes it difficult to dismantle entirely, and new campaigns are likely already in progress.

Q: What should organizations do to protect themselves?

Organizations should enhance AI-driven detection, reinforce multi-factor authentication, monitor for social engineering attacks, and adopt a threat intelligence approach that considers the evolving tactics of groups like ShinyHunters. Source: ThorstenMeyerAI.com

Extortion-as-a-Service operating as a brand and a collective. AI-enabled vishing as primary access vector. 400+ organizations breached since 2020.

The criminal operational model has been redesigned. Not a hierarchical organization. A brand within “The Com” with affiliated clusters, 25-30% affiliate revenue share, multi-stream business model spanning direct extortion ($65M Telus demand), bulk data sales ($1M per company), BreachForums administration, and crowd-sourced pressure. AI voice cloning crossed the indistinguishable threshold. The defensive frameworks have not yet caught up.

Thorsten Meyer / ThorstenMeyerAI.com / May 2026 · Part 5

400+

Organizations breached · 2020-2026 cumulative

Snowflake · Salesforce · Vercel · Canvas · 100+ named victims

$65M

Telus ransom demand · March 2026 · 1+ PB stolen

FBI background data · CDRs · source code · Salesforce data

25-30%

EaaS affiliate revenue share · operational model

Multi-stream: direct extortion + sales + admin + EaaS

<1hr

Cordial Spider · initial compromise → exfiltration

Sub-1-hr exfiltration · faster than human SOC triage

● 5 OPERATIONAL ERAS 2020-2022 DATABASE THEFT → 2023-2024 CREDENTIAL STUFFING → 2024-2025 OAUTH SUPPLY CHAIN → 2025-2026 AI VISHING → 2026 PRODUCTIVITY-TOOL CASCADE ● 760+ COMPANIES RELIAQUEST / COMPUTER WEEKLY · LATE 2025 – 2026 SHINYHUNTERS CAMPAIGN · MOST IMPACTFUL VISHING EVER ● THE COM SHINYHUNTERS + SCATTERED SPIDER + LAPSUS$ + CORDIAL SPIDER + SNARKY SPIDER + COINBASECARTEL ● VOICE CLONING VALL-E · 3 SECONDS OF AUDIO SUFFICIENT · FORTUNE 2026: “INDISTINGUISHABLE THRESHOLD” · BIOMETRICS BYPASSED ● SHINYSP1D3R CHACHA20+RSA-2048 WIN · AES-256 ESXI · RANSOMWARE PLATFORM UNDER DEV · ESCALATION OPTION READY ● DEFENSIVE PRIORITIES PHISHING-RESISTANT MFA · HELPDESK HARDENING · SAAS OBSERVABILITY · AI-AUGMENTED SOC ● 5 OPERATIONAL ERAS 2020-2022 DATABASE THEFT → 2023-2024 CREDENTIAL STUFFING → 2024-2025 OAUTH SUPPLY CHAIN

Operational evolution · capability progression

Five eras. Each adds capability the previous era couldn’t execute.

From database theft on forums (2020) to AI-vishing-driven SaaS cascade (2026). Each era preserves prior capabilities while adding new ones. The current ShinyHunters operational stack spans all five.

Five operational eras · 2020-2026 ShinyHunters capability progression

Each era’s signature campaign demonstrated capability that became part of the permanent operational stack.

Era 01 2020-22 Bulk theft

Database theft + forum monetization

Find SQL injection or exposed servers · exfiltrate data · sell on forums. Tokopedia 91M · Wishbone 40M · Wattpad 270M · Microsoft GitHub repos. Forum sales at tens of thousands per dataset. Arrests 2022-2025 across 5 countries; operations continued.

SIGNATURETokopedia91M records

Era 02 2023-24 Cred stuffing

Credential stuffing at cloud scale

Stolen credentials + weak/absent MFA = mass enterprise cloud access. ~165 Snowflake customers compromised. Verified victims: AT&T (109M records), Ticketmaster (560M), Santander, Advance Auto Parts. Economic model shift: per-database sales → multi-million extortion per company.

SIGNATURESnowflake165 customers · 2024

Era 03 2024-25 OAuth supply

OAuth supply chain + SaaS integration abuse

Compromise third-party SaaS vendor → extract OAuth tokens → mass query customer environments. Drift/Salesloft Aug 2025 cascade. 1.5B records. 70+ lawsuits. FBI advisory CSA-2025-250912. Attempted to extort Salesforce itself. Cloudflare, Google, PagerDuty, Palo Alto, Proofpoint, Zscaler verified victims.

SIGNATUREDrift/Salesloft700+ orgs · 1.5B records

Era 04 2025-26 AI vishing

AI-enabled vishing + SSO compromise at scale

AI voice cloning + conversational agents + victim-branded credential harvesting + real-time MFA interception. Mandiant tracks UNC6661/UNC6671/UNC6240/UNC6395. 760+ companies in late-2025-into-2026 campaign. The capability that makes industrial scale possible.

SIGNATURE760+ companiesReliaQuest tracking

Era 05 2026 Current

Third-party supply chain cascade + AI-productivity-tool abuse

Compromised AI productivity tools cascade through OAuth grants to enterprise data. Vercel/Context.ai Apr 19 ($2M BreachForums). Anodot chain → Vimeo, Rockstar Games, Zara/Inditex. Canvas/Instructure ongoing through May 12: 275M records · 8,800+ institutions · finals-week portal defacement.

SIGNATURECanvas/Instructure275M records · ~9,000 schools

Organizational anatomy · why traditional APT frameworks miss this

Amazon

AI voice phishing detection software

As an affiliate, we earn on qualifying purchases.

Not a gang. A brand operating a collective.

Traditional threat intelligence describes APT groups in terms of attribution to specific named organizations. ShinyHunters doesn’t fit that framework. A criminal brand within “The Com” alongside Scattered Spider, LAPSUS$, Cordial Spider, Snarky Spider, CoinbaseCartel.

Three organizational properties · brand · collective · affiliate

Each property is structurally different from the traditional APT model. Together they produce an operational architecture that scales through the criminal economy.

▲ Property 01

A brand

Not a hierarchical organization. Multiple threat clusters operating under ShinyHunters branding. Mandiant tracks UNC6661/UNC6671/UNC6240/UNC6395. Attribution is structurally probabilistic, not deterministic. Branding is situational across operations.

4+ threat clusters under one brand

▲ Property 02

Within The Com

A loosely affiliated cybercriminal community of English-speakers including Scattered Spider, LAPSUS$, Cordial Spider, Snarky Spider, CoinbaseCartel. Members rotate, collaborate, fork. “Who ShinyHunters is” is not a stable answer. Defensive infrastructure focused on individuals misses the playbook.

6+ active clusters within The Com

▲ Property 03

An affiliate program

Formal Extortion-as-a-Service operation with 25-30% affiliate revenue share. Mirrors RaaS economics but applied to extortion-without-encryption. Removes operational complexity of ransomware deployment while maintaining extortion leverage. ShinySp1d3r ransomware platform under dev as escalation option.

25-30% affiliate revenue share

The actual operational threat is the playbook itself — vishing → SSO compromise → SaaS exfiltration → extortion — replicated across dozens of clusters within The Com. Defending against ShinyHunters specifically is the wrong threat model. Defending against the playbook is the right one.

AI vishing capability stack · why scale is now operational

Amazon

enterprise cybersecurity threat detection tools

As an affiliate, we earn on qualifying purchases.

Voice cloning crossed the indistinguishable threshold.

The technical innovation enabling industrial-scale operations. 3 seconds of audio is sufficient. Voice biometrics are bypassed. Sub-1-hour compromise-to-exfiltration. IT helpdesks are the primary attack surface.

Five capability layers · industrialized AI vishing operation

Each layer is built on commercially available AI capability. Together they enable thousands of calls per day with conversational quality indistinguishable from real IT staff.

01Voice
Voice cloning models
VALL-E and similar models · 3 seconds of audio sufficient · public sources: LinkedIn videos, conference recordings, podcasts, executive interviews. Voice biometrics bypassed per Nature Machine Intelligence.
3 secaudio sufficient
02Convo
Conversational AI agents
LLMs trained on customer service interactions · respond to questions, handle pushback, adapt to user behavior in real time. Static voice clone + dynamic conversation = operationally useful agent.
1,000+calls/day at retailers
03Recon
Reconnaissance automation
AI scraping of company directories, LinkedIn, social media, leaked breach data. Each call references the employee’s manager, current projects, recent acquisitions, internal terminology. All from publicly available reconnaissance.
82.6%phishing AI-generated
04MFA
Real-time MFA interception
Vishing-driven SSO phishing pages capture authentication tokens in real time. Victim-branded credential harvesting sites with Tucows-registered domains. Custom phishing kits with scripts controlling authentication flow in victim’s browser.
<1 hrcompromise→exfil
05Multi
Multi-vector coordination
Email phishing + SMS smishing + voice vishing in coordinated sequences. Email primes target → SMS adds urgency → vishing call closes the loop with verbal authorization request. 3.4 billion phishing emails per day globally.
3.4Bphishing emails/day

The IT helpdesk is the primary attack surface because helpdesks exist to help. Their service-oriented design makes them inherently vulnerable to social engineering. Hardening requires removing helpfulness from the trust model. Mandatory video verification. Multi-person approval. Dedicated security channels.

Multi-revenue-stream business model · the EaaS architecture

Amazon

cybersecurity breach response kits

As an affiliate, we earn on qualifying purchases.

Four revenue streams. A platform business.

ShinyHunters operates a multi-stream business model with revenue from direct extortion, bulk data sales, BreachForums administration, and affiliate revenue share. Structurally similar to legitimate platform economics, applied to extortion-without-encryption.

Four revenue streams · the EaaS business model

The structural innovation: applied platform economics to criminal extortion. Affiliates plug into infrastructure; ShinyHunters operates the platform; revenue share aligns incentives.

▲ STREAM 01

Direct extortion

$500K-$65Mper company

Payment from compromised orgs to not publish data. Telus $65M demand · typical range $500K-$10M. “Pay or leak” model — no decryption keys needed.

▲ STREAM 02

Bulk data sales

$1Mper company premium

Stolen datasets sold to ransomware affiliates and other criminal actors. EclecticIQ: ShinyCorp persona communicates via Telegram and qTox. Airline data at $1M per company.

▲ STREAM 03

BreachForums administration

Revenuefrom marketplace ops

Operating the cybercrime marketplace that hosts both ShinyHunters’ own data and third-party criminal data. Platform economics applied to criminal infrastructure.

▲ STREAM 04

EaaS affiliate revenue

25-30%affiliate share

Affiliates access ShinyHunters infrastructure in exchange for revenue share on successful extortions. Mirrors RaaS economics. Scales operations without scaling headcount.

New defensive framework · identity-centric posture

Amazon

AI-enabled security monitoring systems

As an affiliate, we earn on qualifying purchases.

Defending against the playbook, not the actor.

Enterprise security needs to operate at AI-vs-AI speed against AI-enabled adversaries. Identity infrastructure hardening is the primary defense layer — not network perimeter, not endpoint detection. Structural shift from the 2010s defensive posture.

Five defensive priorities · identity-centric architecture

Each represents a structural shift from network-centric defense. Highest-leverage first.

▲ PRIORITY 01
HIGHEST LEVERAGE

Phishing-resistant MFA · everywhere.

FIDO2 security keys, passkeys, Windows Hello. Resist vishing-driven MFA bypass that current ShinyHunters operations rely on. SMS-based and push-based MFA are no longer adequate. Mandiant’s January 2026 guidance explicitly recommends transition.

▲ PRIORITY 02
HELPDESK HARDENING

Remove helpfulness from the trust model.

Live video verification for password and MFA resets. Multi-person approval for high-privilege identity changes. Dedicated authentication change channels. Mandatory ticketing for all authentication operations. Most enterprises have not implemented these controls.

▲ PRIORITY 03
SAAS OBSERVABILITY

Visibility into identity + SaaS activity.

Okta + Entra ID audit logs into SIEM. SharePoint/OneDrive download events. Salesforce SOQL query volume. UserAgent capture for PowerShell-based access. Without visibility, detection is structurally impossible.

▲ PRIORITY 04
WORKFORCE AWARENESS

Train workforce on AI vishing specifically.

Any incoming call requesting authentication changes is a security event regardless of who the caller claims to be. Voice familiarity is no longer authentication — AI cloning indistinguishable from real. Time pressure is an attacker tactic. Hangup, call back via known internal phone tree, verify through ticketing.

▲ PRIORITY 05
IR READINESS

Build extortion playbooks · not just ransomware.

Most enterprises have ransomware playbooks but not extortion-without-encryption playbooks. Different decision tree on payment (no decryption keys to recover). Different regulatory landscape. Crowd-sourced pressure response · public-affairs strategy · affected-party notification.

The traditional APT framework has been replaced. ShinyHunters is the canonical example of the new model — a brand, a collective, an affiliate program, an AI-enabled capability stack, a multi-revenue-stream business operation. The defenders’ threat models need to update.

— Software security · the new APT model · Part 5 · May 2026

Implications of the New ShinyHunters Threat Model for Enterprises

The evolution of ShinyHunters into a scalable, AI-enabled extortion collective presents a paradigm shift in cyber threat dynamics, which is also explored in The 2028 Model Lab Endgame. Unlike traditional nation-state or financially motivated groups, this collective’s operational structure allows rapid scaling, diversified revenue streams, and persistent campaigns across various sectors. Enterprises face heightened risks from AI-driven social engineering, large-scale data breaches, and extortion campaigns, requiring a reassessment of existing security frameworks.

Historical Development of ShinyHunters’ Operations

Initially emerging in 2020 as a database theft group, ShinyHunters exploited SQL injection vulnerabilities and sold stolen data on cybercrime forums. Between 2023 and 2024, the group shifted toward credential stuffing, leveraging weak MFA configurations on cloud platforms, exemplified by the 2024 Snowflake breach affecting over 165 customer environments. By 2025, they expanded into OAuth supply chain abuse, targeting SaaS integrations, with the August 2025 Drift/Salesloft campaign highlighting their growing sophistication.

Throughout this period, law enforcement actions targeted individual members and administrators, but the group’s core operational model persisted and expanded, culminating in 2026 with the adoption of AI-enabled tactics and a collective branding approach.

“ShinyHunters has transformed from a simple database theft group into a scalable, AI-powered extortion collective operating as a brand with a complex monetization architecture.”
— Thorsten Meyer, cybersecurity researcher

Unresolved Aspects of ShinyHunters’ Evolving Tactics

While researchers confirm the adoption of AI-enabled vishing and a collective branding model, the full extent of the group’s operational infrastructure, including the specific AI tools and affiliate network size, remains unclear. It is also uncertain how law enforcement actions have impacted their current capabilities or if new, undisclosed campaigns are already underway.

Next Steps in Monitoring and Defending Against ShinyHunters

Cybersecurity organizations will need to update threat models to account for AI-enabled social engineering and scalable extortion tactics. Ongoing monitoring of emerging campaigns, enhanced AI-driven detection methods, and coordinated law enforcement efforts are expected to be key priorities, similar to strategies outlined in The $9 Billion Signature Tax. Researchers anticipate that new campaigns are already staged or imminent, emphasizing the need for proactive defense strategies.

Key Questions

How has ShinyHunters’ operational model changed since 2020?

The group has evolved from opportunistic database theft to a scalable, AI-enabled extortion collective with a brand-like structure, affiliate programs, and diversified revenue streams, including data sales and victim pressure campaigns.

What role does AI play in ShinyHunters’ current tactics?

AI is primarily used for voice phishing (vishing) attacks, enabling social engineering at scale, increasing operational efficiency, and expanding their attack surface.

Why is this evolution significant for enterprise security?

This new model introduces more persistent, scalable, and socially engineered attacks, requiring organizations to rethink their defenses beyond traditional perimeter security and technical vulnerabilities.

Are law enforcement actions effective against this new model?

While targeted law enforcement actions have disrupted some operations, the collective’s distributed and brand-based structure makes it difficult to dismantle entirely, and new campaigns are likely already in progress.

What should organizations do to protect themselves?

Organizations should enhance AI-driven detection, reinforce multi-factor authentication, monitor for social engineering attacks, and adopt a threat intelligence approach that considers the evolving tactics of groups like ShinyHunters.

Source: ThorstenMeyerAI.com

ShinyHunters · The New APT Model.

Up next

The Roblox Cheat That Broke Vercel.

Author

BARRIER MAGZ

Share article

ShinyHunters.
The new APT model.