ShinyHunters Collective Linked to Qantas Data Breach: Australian Airline’s Security Compromised

When Qantas first disclosed that it had fallen victim to a cyber attack compromising the personal data of millions of its customers, many experts initially attributed the breach to the Scattered Spider hacking collective. However, recent investigations by Bleeping Computer suggest that the hacking group known as ShinyHunters may actually be responsible for the breach affecting 5.7 million individuals. This shift in attribution highlights the evolving landscape of cyber threats and the complexities involved in identifying the perpetrators behind such significant data breaches.

Bleeping Computer reported that a series of data breaches impacting various companies, including Qantas, Allianz Life, LVMH, and Adidas, have been linked to the ShinyHunters extortion group. This group has reportedly employed voice phishing attacks to extract data from Salesforce CRM instances. Experts believe there is considerable overlap in the membership and tactics of both ShinyHunters and Scattered Spider, indicating a potential collaboration between the two groups. Allan Liska, an intelligence analyst for Recorded Future, noted that the shared tactics, techniques, and procedures (TTPs) between the two groups further support this theory.