10/8/25, 3:33 PM                           Red Hat data breach escalates as ShinyHunters joins extortion




























        This theory was based on the numerous attacks conducted by various threat actors, all of
        which were extorted under the ShinyHunters name, including those targeting Oracle
        Cloud and PowerSchool.


        Conversations with ShinyHunters further supported this theory, as the group has
        previously claimed not to be behind a particular breach but rather just acting as a broker of

        the stolen data.

        Furthermore, there have been numerous arrests of individuals associated with the name

        "ShinyHunters" over the years, including those linked to the Snowflake data theft
        attacks, breaches at PowerSchool, and the operation of the Breached v2 hacking forum.


        However, even after these arrests, new attacks occur with companies receiving extortion
        emails stating, "We are ShinyHunters".


        Today, ShinyHunters told BleepingComputer that they have been privately operating as an
        EaaS, where they take a revenue share from any extortion payments generated for other

        threat actors' attacks.


        "Everyone i've worked with in the past have taken 70 or 75% and I receive a 25-30%,"
        claimed the threat actor.


        With the launch of the ShinyHunters data leak site, it appears that the threat actor is
        now publicly operating the extortion service.


        In addition to Red Hat, ShinyHunters is also extorting SP Global on behalf of another
        threat actor that claimed to breach the company in February 2025.


        BleepingComputer had contacted SP Global at the time about the alleged breach, but was
        told that the claims were false and that the company was not breached.


      https://www.bleepingcomputer.com/news/security/red-hat-data-breach-escalates-as-shinyhunters-joins-extortion/  4/5