Threat actor
14 observed events
AIThe observations include 13 ransomware incidents and 1 data breach, targeting the retail, technology, healthcare, and business services sectors, with the United States as the only country identified.
In June 2026, retailer JCPenney and associated brands were targeted in a ShinyHunters "pay or leak" extortion campaign . Data allegedly obtained from JCPenney through the exploitation of a critical zero-day vulnerability in Oracle PeopleSoft was later publi…
AIShinyHunters claims to have breached icsecurity.com, as listed on the RansomLook extortion site. The claim is unverified.
AIShinyHunters claims to have data from healthcare provider Amazon-owned OneMedical.com in an unverified listing on Ransomware.live.
AIShinyHunters claims to have listed NAIC.org, a business services organization, on its extortion site. The claim is unverified.
AIShinyHunters claims to have data from "Service Notice: Scheduled Maintenance and Infrastructure Upgrades" in an unverified extortion site listing.
AIShinyHunters claims to have breached Ralph Lauren and listed the organization on their extortion site.
AIShinyHunters listed icc.edu on their extortion site, claiming a breach. This claim is unverified.
AIShinyHunters claims to have breached moody.edu, listed on its extortion site (unverified).
AIShinyHunters claims to have listed glendale.edu on RansomLook, an extortion-site listing. The claim is unverified.
AIShinyHunters claims to have breached hccs.edu, as listed on their extortion site and tracked by RansomLook.
AIShinyHunters claims to have listed kodak.com on RansomLook, an extortion-site listing, as an unverified breach.
AIShinyHunters has listed Deep Well Services on its extortion site, claiming to have stolen data. This is an unverified claim.
AISysco Corporation was listed by ShinyHunters on RansomLook; this is an unverified claim.