Notorious Cyber Gang Vanishes, Leaves Behind Chilling Trail

Scattered Lapsus$ Hunters’ goodbye warns their tools will persist, heralding stealthier cybercrime.

Sep 15, 2025

The cybersecurity world just got a rude awakening. This morning, Scattered Lapsus$ Hunters announced their retirement through a cryptic farewell that left security teams more rattled than relieved. This is not just another criminal gang going dark; it is the curtain call of a supergroup born from the collaboration of three of the most dangerous cybercrime collectives in recent memory.

The note dropped in the early hours of Sept. 12, 2025, posted on BreachForums with the casual confidence of a startup pivot. Their goodbye reads like a greatest hits album of corporate devastation, complete with chilling hints about capabilities that kept Fortune 500 companies awake at night.

What they revealed about their secret capabilities

The farewell message was not just a goodbye; it was a victory lap. The group casually mentioned “paralyzing Jaguar factories, (superficially) hacking Google four times, blowing up Salesforce and CrowdStrike defenses” like weekend chores.

They claimed to have dominated “Google Workspace, Person Finder, and Gmail including legacy branches” and suggested extensive access to critical infrastructure of major airlines including Kering, Air France, American Airlines, and British Airlines.

Their summer campaign changed the temperature in every boardroom. Breach recently called the Summer of 2025 a pivotal one, with sophisticated social engineering campaigns that tricked employees into granting access to corporate Salesforce instances. That pivot unlocked massive data exfiltration affecting Google, Cisco, Workday, TransUnion, and major security firms like Proofpoint and Palo Alto Networks.

What makes this collective especially dangerous is the way they evolved. In August, The Register reported that three criminal groups (Scattered Spider, ShinyHunters, and Lapsus$) were working together on attacks. Their short-lived Telegram channel delivered what security researcher Nandakishore Harikumar called “a new phase in cyber extortion where clout and chaos are as much the objectives as money”.

The reason they are shutting down

The retirement note points to something darker than burnout. The criminals mentioned “eight people that have been raided or arrested” since April 2024, with four currently in custody in France. In July 2025, UK authorities arrested some members of the Scattered Spider group.

Their philosophical closer hints at the other force in the room. The reference to “funambulist equilibrium” being “taught every day at Langley” reads like an acknowledgment that intelligence agencies have been watching closely.

Then came the warning: “others will keep on studying and improving systems you use in your daily lifes in silence”. They are not disappearing; they are going underground and seeding their techniques to new operators who may be even harder to spot.

This crew emerged from the merger of Scattered Spider, ShinyHunters, and Lapsus$. Their line, “Talent and skill is not everything. Planning and power rule the world”, sounds like a lesson handed down to whoever comes next.

What this means for every business right now

The shutdown is not a sigh of relief; it is an inflection point. Their retirement does not mean safety; it shows how well their model worked and hands the next wave a playbook.

Over three years ago, Scattered Spider alone began a campaign that would target at least 130 organizations, including MGM Resorts, Clorox, and potentially Coinbase Global. Their mastery of social engineering proved that the most damaging attacks began not with sophisticated exploits, but with simple, convincing phone calls or emails. Low tech, high impact.

The timing of their attack on Jaguar Land Rover that crippled global manufacturing operations shows they stayed effective despite mounting law enforcement pressure. Production was suspended across the United Kingdom, Slovakia, China, India, and Brazil.

Security experts warn that their mention of “progressively abandon[ing] some of our tools” while others continue “in silence” points to fresh hands picking up their kits. The convergence of collaborative cybercrime, nation-state ambitions, and weaponized AI demands a more proactive approach. If I were running security, I would not relax.

The chilling reality is this: if a supergroup this successful can retire with a forum post and fade from view, what does that say about the dozens of other collectives still operating? Their final message was not just a goodbye; it was a manifesto for the future of cybercrime, a future where the most dangerous actors move in silence.
