
Description

Ransomware gangs aren’t operating alone anymore, and the lines between them are increasingly blurry.

In this episode of Cyberside Chats, we look at how modern ransomware groups collaborate, specialize, and team up to scale attacks faster. Using ShinyHunters’ newly launched data leak website as an example, we discuss how different crews handle access, social engineering, and data exposure, and why overlapping roles make attribution, defense, and response harder.

We also explore what this shift means for security leaders, from training and identity protection to preparing for data extortion that doesn’t involve encryption.

 

Key Takeaways

1. Harden identity and SaaS workflows, not just endpoints - Review help desk procedures, SSO flows, OAuth permissions, and admin access. Many recent incidents succeed without malware or exploits.

2. Train staff for voice phishing and IT impersonation - Add vishing scenarios to security awareness programs, especially for help desk and IT-adjacent roles.

3. Limit blast radius across cloud and SaaS platforms - Enforce least privilege, audit third-party integrations, and regularly review OAuth scopes and token lifetimes.

4. Plan for data extortion without ransomware - Update incident response plans and tabletop exercises to assume data theft and public exposure, even when no systems are encrypted.

5. Practice executive decision-making under data exposure pressure - Tabletop exercises should include legal, communications, and leadership discussions about public leaks, reputational risk, and extortion demands.

 

Resources

1. Panera Bread Breach Linked to ShinyHunters and Voice Phishing

https://mashable.com/article/panera-bread-breach-shinyhunters-voice-phishing-14-million-customers

2. BreachForums Database Leak Exposes 324,000 Accounts

https://www.bleepingcomputer.com/news/security/breachforums-hacking-forum-database-leaked-exposing-324-000-accounts/

3. BreachForums Disclosure and ShinyHunters

https://blog.barracuda.com/2026/01/26/breachforums-disclosure-shinyhunters

4. Scattered LAPSUS$ Hunters: 2025’s Most Dangerous Cybercrime

https://www.picussecurity.com/resource/blog/scattered-lapsus-hunters-2025s-most-dangerous-cybercrime-supergroup

5. Microsoft Digital Defense Report

https://www.microsoft.com/security/business/security-insider/microsoft-digital-defense-report