On August 8, 2025, a collection of cybercrime groups announced they had formed a collective. Scattered Spider, Lapsus$, and ShinyHunters now operate together. They have already created at least 16 Telegram channels. This is not a merger of equals. It is a pooling of resources between groups that have spent years building separate but overlapping reputations for chaos.
To understand why this matters, you have to look at who these groups are. Scattered Spider is also known as UNC3944. Security researchers recently identified the same crew as ShinyHunters. The group consists mostly of teens and young adults believed to be based in the United States and the United Kingdom. They are affiliated with a cybercriminal network called “The Com,” specifically a subset known as Hacker Com. This is not a formal organization. It is a loose online subculture where young hackers trade techniques, brag about breaches, and coordinate attacks.
Scattered Spider made headlines in 2023 for hacking Caesars Entertainment and MGM Resorts International. Those were not quiet operations. The MGM attack shut down hotel key card systems, casino floor machines, and reservation systems across the company’s properties. Caesars paid a ransom. The group did not stop there. Their targets have included Visa, Marks & Spencer, PNC Financial Services, Transamerica, New York Life Insurance, Synchrony Financial, Truist Bank, Twilio, and JLR. Each attack followed a similar pattern: social engineering to get initial access, then lateral movement inside networks, then extortion.
Lapsus$ operated differently. The group, also composed of young hackers, targeted technology companies. They breached Microsoft, Okta, NVIDIA, and Samsung. Their method was simple: they bribed employees at call centers or telecom companies to get SIM swaps or password resets. They did not use sophisticated malware. They used phone calls and chat messages. Lapsus$ members were arrested in the United Kingdom and Brazil. Yet the group never fully disbanded.
ShinyHunters focused on data theft and sales. The group stole and sold databases from companies like Wattpad, Tokopedia, and Microsoft’s GitHub. They operated dark web marketplaces where stolen data was traded like commodities. The identification of ShinyHunters as the same group as Scattered Spider blurred the lines between extortion, data theft, and hacktivism.
Members of Scattered Spider have been connected to the hacks against Snowflake cloud storage customers in the United States. Those attacks hit Ticketmaster, Santander Bank, and other major firms. More recently, the group has been linked to hacks against Qantas, the flag carrier of Australia. That demonstrates global reach. Australian airlines are not the usual target for American teenagers.
The formation of this collective changes the threat landscape. Each group brought different strengths. Scattered Spider brought social engineering skills and extortion experience. Lapsus$ brought telecom infiltration tactics. ShinyHunters brought data sales infrastructure. Together, they can share resources and expertise. The 16 Telegram channels are command centers. They allow the groups to communicate and coordinate efforts more effectively than ever before.
Cybersecurity experts are concerned. The collective represents a new era in cybercrime. Individual groups were dangerous. A coalition of groups with complementary skills is something else entirely. The young age of the hackers makes them unpredictable. They are not motivated by money alone. Status within “The Com” matters. Reputation matters. That can lead to attacks that are reckless and destructive.
The August 8 announcement was not a secret. It was a public declaration. The groups want to be seen. They want to be feared. The 16 Telegram channels are not hidden forums. They are broadcast platforms. The message is clear: three of the most active cybercrime groups are now working together. The targets list will likely grow. The methods will likely evolve. The collective has already shown it can hit casinos, banks, airlines, and cloud providers. No industry looks safe.
