
Unit 42 Reports on Scattered Lapsus Hunters: New Extortion Gang Linked to Salesforce and Red Hat Breaches
Unit 42, Palo Alto Networks' threat intelligence team, has identified a new extortion gang named Scattered Lapsus Hunters, which is allegedly responsible for recent high-profile breaches at Salesforce and Red Hat. According to the information available, this group is involved in ransomware and extortion attacks targeting major enterprises.
The selection of Salesforce and Red Hat as targets is significant. Salesforce is a leading provider of cloud-based CRM solutions, while Red Hat is a prominent enterprise open-source software company. Both organizations handle vast amounts of sensitive data, making them attractive targets for cybercriminals. Successful breaches at such entities can lead to substantial data loss, reputational damage, and potential downstream effects on their extensive customer networks.
The name Scattered Lapsus Hunters suggests a possible link to the Lapsus$ group, which gained notoriety for its high-profile attacks. The term "Scattered" may indicate a decentralized or loosely affiliated structure, a trend observed in many contemporary cybercriminal groups. This decentralization can pose challenges for attribution and mitigation efforts.
The group's use of ransomware and extortion tactics is consistent with the broader trend of financially motivated cybercrime. These attacks often begin with initial access gained through phishing or exploitation of vulnerabilities, followed by lateral movement within the network to exfiltrate sensitive data before deploying ransomware. The dual threat of data encryption and public exposure increases the pressure on victims to comply with ransom demands.
The emergence of Scattered Lapsus Hunters underscores the evolving threat landscape, where new groups with advanced capabilities continually emerge.
For cybersecurity professionals, this highlights the need for robust defense strategies, including regular vulnerability assessments, employee training to prevent phishing attacks, and comprehensive incident response plans. The targeting of major enterprises like Salesforce and Red Hat indicates that no organization is immune to such threats, regardless of its size or security posture. Organizations must adopt a proactive approach to cybersecurity, leveraging threat intelligence and advanced detection technologies to identify and mitigate threats before they can cause significant damage.
In conclusion, the activities of Scattered Lapsus Hunters serve as a reminder of the persistent and evolving nature of cyber threats. Cybersecurity professionals must remain vigilant, continually updating their defenses and response strategies to counter these sophisticated adversaries.