EclecticIQ analysts assess with high confidence that ShinyHunters is expanding its operations by combining AI-enabled voice phishing, supply chain compromises, and leveraging malicious insiders, such as employees or contractors, who can provide direct access to enterprise networks.

ShinyHunters is very likely relying on members of Scattered Spider and The Com to conduct voice phishing attacks that provide unauthorized access to single sign-on (SSO) platforms used by retail, airline, and telecom companies. The group uses this access to exfiltrate large volumes of customer data and extort victim organizations.

Analysts observed that ShinyHunters leader, ShinyCorp, is actively selling stolen datasets with ransomware affiliates and other eCrime actors, at prices exceeding $1M per company...