Three Infamous Cybercriminal Groups Form A New Alliance Dubbed...
Three well-known threat groups have consolidated into a unified cybercriminal entity that represents a significant shift in underground tactics.
Scattered LAPSUS$ Hunters (SLH) emerged in early August 2025 as a federated alliance combining Scattered Spider, ShinyHunters, and LAPSUS$, creating what researchers describe as the first consolidated alliance among mature cybercriminal clusters.
This consolidation marks a deliberate strategic move within the cybercriminal underground, where established threat actors are merging reputational assets and operational capabilities to create a more formidable collective.
The alliance entered the threat landscape through Telegram, leveraging the platform as its primary operational base and marketing channel.
Unlike traditional cybercriminal actors who maintain minimal visibility, SLH adopted a highly performative approach, combining sensationalist messaging with proof-of-compromise announcements and public engagement strategies.
The group’s first verified channel appeared on August 8, 2025, establishing what would become a consistent pattern of theatrical branding and coordinated communication that blurs the line between attention-driven hacktivism and financially motivated cybercrime.
Since its inception, Trustwave analysts have noted that the group has demonstrated remarkable operational persistence despite repeated platform disruptions.
Telegram channels have been removed and recreated at least sixteen times under varying name iterations, yet SLH consistently re-established its presence within hours, signaling extraordinary determination to maintain public visibility and control over narrative construction.
Trustwave researchers identified sophisticated technical capabilities underlying SLH’s operations.
The collective exhibits genuine exploit development and acquisition competencies, particularly targeting high-value enterprise systems including CRM platforms, Database Management Systems, and SaaS infrastructure.
Source: Cybersecurity News
