ShinyHunters

Also known as UNC6240
Reports
59
First seen
Oct 15
Last seen
Jun 24
Motivation
extortion, financial, financial extortion

Targeting

Sectors
education ×13retail ecommerce ×7telecommunications ×5healthcare ×4other ×4government ×2technology ×2media entertainment ×2
Victim regions
United States ×32United Kingdom ×4European Union ×2

Top ATT&CK techniques

T1190 Exploit Public-Facing Application ×20T1005 Data from Local System ×18T1566 Phishing ×16T1041 Exfiltration Over C2 Channel ×14T1195 Supply Chain Compromise ×10T1486 Data Encrypted for Impact ×10T1078 Valid Accounts ×9T1110 Brute Force ×8T1567 Exfiltration Over Web Service ×7T1598 Phishing for Information ×6T1059 Command and Scripting Interpreter ×6T1021 Remote Services ×5

Indicators

cve ×141domain ×62ip_v4 ×41hash_sha256 ×14filename ×6hash_md5 ×5bitcoin_address ×1hash_sha1 ×1

Indicator values are available on Pro and via the API.

Associated CVEs

Recent reports

Medium

Shinyhunters claims new victim on ransomware.live

ransomware.live
High

Shinyhunters claims breach of icsecurity.com with 2.7M records

ransomware.live
High

Shinyhunters claims breach of Amazon-owned OneMedical

ransomware.live
Critical

Shinyhunters claims compromise of NAIC and state insurance regulators

ransomware.live
High

Kodak confirms data breach claimed by ShinyHunters extortion gang

Bleeping Computer
Medium

Shinyhunters publishes new victim via ransomware.live

ransomware.live
High

Shinyhunters claims Ralph Lauren victim in ransomware attack

ransomware.live
Critical

Shinyhunters publishes Illinois Central College data breach

ransomware.live
Critical

Shinyhunters publishes Moody Bible Institute data breach

ransomware.live
High

Shinyhunters publishes Glendale Community College data breach

ransomware.live
High

Council of Europe investigates ShinyHunters data breach claims

Bleeping Computer
Critical

Shinyhunters publishes HCCS student records on ransomware.live

ransomware.live
High

Shinyhunters claims breach of Kodak, demands ransom

ransomware.live
High

Shinyhunters claims Deep Well Services ransomware victim

ransomware.live
High

Shinyhunters Claims Sysco Corporation Breach on Ransomware.live

ransomware.live
High

Weekly Cybersecurity Recap: Chrome 0-Day, Oracle PeopleSoft Exploit, Supply Chain Attacks

The Hacker News
Critical

Check Point Threat Intelligence Report – 15 June 2026

Check Point Research
High

Infinite Campus data breach exposes 137,000 school staff accounts via Salesforce attack

Bleeping Computer
Critical

Shinyhunters publishes Council of Europe data breach; 297 GB of HR and payroll records

ransomware.live
Critical

ShinyHunters actively extorting universities after exploiting Oracle PeopleSoft zero-day

CyberScoop
High

Shinyhunters claims Madison Square Garden Sports Corp. as ransomware victim

ransomware.live
High

Shinyhunters claims JCPenney and Authentic Brands Group subsidiaries in ransomware extortion post

ransomware.live
High

Shinyhunters claims American Tower Corporation victim on ransomware.live

ransomware.live
High

Shinyhunters publishes Zayo and Allstream as ransomware victims

ransomware.live
Critical

ShinyHunters Exploits Oracle PeopleSoft Zero-Day to Breach Universities

The Hacker News
Critical

Oracle patches critical PeopleSoft zero-day exploited by ShinyHunters in data theft attacks

Bleeping Computer
High

University of Nottingham confirms cyber incident; ShinyHunters claims data theft

The Record (Recorded Future News)
High

Shinyhunters claims breach of Nexstar.tv; 1M+ Salesforce records and PII exposed

ransomware.live
High

Shinyhunters publishes Ralph Lauren Corporation as ransomware victim

ransomware.live
High

Nottingham University data breach affects over 450,000 students

Bleeping Computer

This page shows data on a 7-day delay. Free accounts get the full delayed feed; real-time reports, indicators, and the API start at $29/mo.