Extortion campaigns are increasingly relying on data theft instead of encryption, with threat actors like ShinyHunters, CLOP, and TeamPCP using faster exfiltration, supply chain compromise, and vishing to pressure victims into paying. Regulators, class-action risk, and frontier AI models such as Mythos are reshaping the threat landscape by compressing attack timelines and making pure data extortion more effective. #ShinyHunters #CLOP #TeamPCP #BlingLibra #HazyScorpius #LAPSUS #Vect #BlackFile #Mythos
Keypoints
- Encryption is used less often in extortion cases, while pure data theft and extortion are rising.
- ShinyHunters and CLOP are examples of threat actors shifting toward data-only pressure tactics.
- Mid-sized firms in professional services, healthcare, and consumer services are heavily targeted.
- TGR-CRI-1135 uses software supply chain compromise, while Bling Libra relies on vishing and SaaS tenant intrusion.
- Frontier AI models may soon accelerate intrusion speed, exfiltration, and extortion operations.
Read More: https://unit42.paloaltonetworks.com/cyber-extortion-economy/