Shinycorp

ShinyCorp is described in the provided content as a cybercriminal actor associated with ShinyHunters and with the ShinySpider (also written Sh1nySp1d3r or ShinySP1D3R) ransomware-as-a-service operation. The content states that ShinyCorp actively sold stolen datasets together with ransomware partners and other e-crime actors, with prices exceeding $1 million per company. It also describes ShinyHunters/ShinyCorp as responsible for attacks and says the group sold stolen data while working with extortion partners. The associated activity in the content includes data theft and extortion, including theft of large customer datasets from airline victims, seven-figure extortion demands, and publication of stolen data samples on LimeWire to pressure victims. The broader operation linked in the content is described as targeting VMware ESXi environments for large-scale encryption of virtual machines, using ChaCha20 with RSA-2048-protected keys, appending unique extensions, and dropping ransom notes such as R3ADME_xxxxxxxx.txt. The content further claims expansion in 2025 to AI-enabled voice phishing, supply-chain compromise, and insider recruitment, and alleges collaboration with affiliates of Scattered Spider and The Com against single sign-on platforms in the retail, airline, and telecommunications sectors. No nation-state attribution is stated in the provided content. Known associated names and aliases directly mentioned are ShinyHunters and ShinySpider/Sh1nySp1d3r/ShinySP1D3R.