ShinyHunters Now Operating as Extortion-as-a-Service Following Red Hat Data Breach
A notorious hacking group known as ShinyHunters,linked to numerous past data breaches,has evolved its operations to offer “Extortion-as-a-Service” (EaaS),taking a revenue share from attacks carried out by other threat actors. This shift comes as ShinyHunters claims responsibility for extorting Red Hat and SP Global, releasing stolen data to pressure both companies into payment.
despite multiple arrests of individuals associated with ShinyHunters in recent years - including those connected to breaches at Snowflake, PowerSchool, and the operation of the Breached v2 hacking forum – attacks attributed to the group continue. ShinyHunters now states they privately operate as an EaaS, receiving 25-30% of any extortion payments made in connection with attacks they facilitate for others. “Everyone i’ve worked with in the past have taken 70 or 75% and I receive a 25-30%,” the threat actor told BleepingComputer.
The group recently launched a data leak site, publicly advertising their extortion service. Currently, Red Hat and SP Global are listed on the site. SP Global was allegedly breached in February 2025, though the company initially denied the claims to BleepingComputer.ShinyHunters has since released samples of data purportedly stolen from SP Global, setting an October 10th deadline for payment. SP Global has as declined to comment on the claims, stating they are required to publicly disclose any “material cybersecurity incidents” as a US listed company.
