ShinyHunters
Also known as UNC6240
Reports
59
First seen
Oct 15
Last seen
Jun 24
Motivation
extortion, financial, financial extortion
Targeting
Sectors
education ×13retail ecommerce ×7telecommunications ×5healthcare ×4other ×4government ×2technology ×2media entertainment ×2
Victim regions
United States ×32United Kingdom ×4European Union ×2
Top ATT&CK techniques
T1190 Exploit Public-Facing Application ×20T1005 Data from Local System ×18T1566 Phishing ×16T1041 Exfiltration Over C2 Channel ×14T1195 Supply Chain Compromise ×10T1486 Data Encrypted for Impact ×10T1078 Valid Accounts ×9T1110 Brute Force ×8T1567 Exfiltration Over Web Service ×7T1598 Phishing for Information ×6T1059 Command and Scripting Interpreter ×6T1021 Remote Services ×5
Indicators
cve ×141domain ×62ip_v4 ×41hash_sha256 ×14filename ×6hash_md5 ×5bitcoin_address ×1hash_sha1 ×1
Indicator values are available on Pro and via the API.
Associated CVEs
CVE-2026-35273 (exploited)CVE-2026-50751 (exploited)CVE-2026-41091 (exploited)CVE-2026-0300 (exploited)CVE-2026-35616 (exploited)CVE-2025-41244 (exploited)CVE-2025-27915 (exploited)CVE-2024-40766 (exploited)CVE-2025-59528 (exploited)CVE-2025-55182 (exploited)CVE-2025-61882 (exploited)CVE-2025-8088 (exploited)CVE-2026-0257 (exploited)CVE-2024-50383 (exploited)CVE-2026-20182 (exploited)CVE-2025-49844CVE-2026-20127 (exploited)CVE-2026-20230 (exploited)CVE-2026-2441 (exploited)CVE-2026-11645 (exploited)
Recent reports
Medium