The hacking scene has once again made headlines with a provocative declaration. A Telegram channel carried a message from a group styling itself as “Scattered LapSus Hunters.” They claim to have gained access to Google’s databases and threaten to publish them unless the company complies with their demands. Among the conditions are the dismissal of two members of the Threat Intelligence Group—Austin Larsen and Charles Carmakal—as well as the suspension of ongoing investigations into the group’s own activities.
The collective explained its name by asserting that it consists of alleged members from several notorious cybercrime communities: Scattered Spider, LapSus, and ShinyHunters. Each is well known within the security world: Scattered Spider for its sophisticated social engineering schemes, LapSus for its brazen attacks on major technology corporations, and ShinyHunters for years of selling massive stolen datasets on the darknet. A coalition of such disparate players would represent a formidable concentration of capabilities.
Yet no evidence has been provided to substantiate their claims of access to Google’s infrastructure. In fact, there have been no recent confirmed breaches of the corporation’s internal systems. The only incident tangentially connecting Google to the hackers mentioned occurred in August, when the company acknowledged that ShinyHunters had compromised Salesforce, a third-party contractor providing services to Google. The breach affected Salesforce’s systems, not Google’s own servers.
Despite this, the ultimatum appears to be a calculated attempt to exert pressure on members of Google’s Threat Intelligence Group—specialists dedicated to tracking and analyzing criminal networks. The hackers’ demands focus squarely on removing those who have been investigating them directly.
If this coalition truly exists, it would mark an unprecedented convergence of three distinct criminal domains: social engineering, high-profile corporate intrusions, and mass data leaks for resale. Such a synergy could, in theory, threaten even well-defended enterprises. For now, the situation remains murky, and the cybersecurity community is watching closely for the next move from the so-called Scattered LapSus Hunters.
