A hacking collective identifying itself as **Scattered LapSus Hunters**—a coalition of members from **Scattered Spider, LapSus$, and ShinyHunters**—has threatened to leak Google’s internal databases unless the company terminates two employees: **Austin Larsen and Charles Carmakal**, both part of Google’s **Threat Intelligence Group**. The group also demanded Google halt its investigations into their network. While no direct evidence of a breach into Google’s systems was provided, the threat follows a confirmed incident in **August 2023**, where **ShinyHunters** (a subgroup within the collective) exfiltrated data from **Salesforce**, a third-party vendor used by Google. The attack appears to be a **targeted extortion attempt**, leveraging reputational pressure and potential operational disruption. Although no Google-owned data has been confirmed as compromised, the threat exploits prior third-party vulnerabilities to coerce compliance. The involvement of **Google Threat Intelligence Group**—a team focused on countering cyber threats—suggests the attackers aim to undermine Google’s defensive capabilities while exploiting media exposure for leverage. The lack of immediate data leaks or system infiltrations keeps the direct impact speculative, but the reputational risk and operational strain (e.g., potential internal investigations, PR fallout) remain significant.
Source: https://www.newsweek.com/hackers-issue-ultimatum-data-breach-2122489
TPRM report: https://www.rankiteo.com/company/googlecloudsecurity
"id": "goo905090225",
"linkid": "googlecloudsecurity",
"type": "Cyber Attack",
"date": "8/2023",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'technology',
                        'location': 'Mountain View, California, USA',
                        'name': 'Google',
                        'size': 'large (multinational)',
                        'type': 'corporation'},
                       {'industry': 'cloud computing / CRM',
                        'location': 'San Francisco, California, USA',
                        'name': 'Salesforce',
                        'size': 'large (multinational)',
                        'type': 'corporation'}],
 'description': "A hacking group, identifying itself as 'Scattered LapSus "
                "Hunters' (a collective of members from Scattered Spider, "
                'LapSus, and ShinyHunters), threatened to leak Google '
                'databases unless the company fires two employees: Austin '
                'Larsen and Charles Carmakal (both part of Google Threat '
                'Intelligence Group). The group also demanded the suspension '
                'of Google Threat Intelligence Group investigations into their '
                'network. No proof of access to Google databases was provided, '
                'but the threat follows a prior incident in August where '
                'ShinyHunters obtained data from Salesforce, a third-party '
                'service provider for Google.',
 'impact': {'brand_reputation_impact': 'potential (due to public threat and '
                                       'media coverage)'},
 'initial_access_broker': {'high_value_targets': ['Google Threat Intelligence '
                                                  'Group',
                                                  'Google databases']},
 'investigation_status': 'ongoing (developing story)',
 'motivation': ['extortion', 'disruption of investigations', 'retaliation'],
 'references': [{'source': 'Newsweek'}],
 'response': {'communication_strategy': 'media statement pending (Newsweek '
                                        'contacted Google for comment)'},
 'threat_actor': ['Scattered LapSus Hunters',
                  'Scattered Spider',
                  'LapSus',
                  'ShinyHunters'],
 'title': 'Hackers Threaten to Leak Google Databases Unless Employees Are '
          'Fired',
 'type': ['threat', 'extortion', 'potential data breach']}