Redazione RHC : 18 September 2025 07:12
Fifteen of the most notorious cybercriminal groups, including Scattered Spider, ShinyHunters, and Lapsus$, have announced their closure. Their collective statement, published on BreachForums, is the most explicit message from the underground in recent years.
The group emphasized that their goal was less to extort than to demonstrate the weaknesses of digital systems. Now, however, they have declared that they prefer “silence” to public attacks.
The document, published under several pseudonyms of well-known hackers, claims that the decision was made after three days of silence, spent by the participants with their families and reviewing their plans in the event of persecution. They said they had been “waiting a long time” over the past 72 hours to finally confirm their exit strategy and internal alignment.
The text lists the high-profile incidents of recent months. These included the closure of Jaguar factories, attacks on Google that allegedly affected its Workspace, Gmail, and Person Finder services, and attacks on Salesforce and CrowdStrike infrastructure. The authors emphasized that they had deliberately blocked the progress of some cyberattacks, leaving companies in limbo, and that they had gradually abandoned their own tools, including the Tutanota email service.
The statement also contains direct warnings. It cites Kering, Air France, American Airlines, British Airways, and other major companies, which the group says have not yet received ransom demands, despite the possibility that their data has already been compromised. The message emphasizes that the governments of the United States, the United Kingdom, France, and Australia are under the illusion that they are in control of the situation, while attackers continue to monitor their activities.
Particular emphasis is placed on the arrests. The hackers expressed solidarity with the eight inmates, four of whom are in French prisons, calling them “scapegoats.” They claimed that these individuals were victims of the investigation, but there was no credible evidence against them. The perpetrators claimed to have intentionally left traces to mislead the investigation and reduce the risk to the real participants, using social engineering techniques.
Conflicts with law enforcement and intelligence agencies are specifically mentioned. The text states that participants learned distraction techniques from the “best,” directly citing CIA experience and the “lessons of Langley.” They emphasize that, in the long run, planning and influence are more important than technical skill.
The final part of the statement sounds like a farewell.
The hacker groups claim that their tasks are complete and it’s time to disappear. Some intend to “enjoy their golden parachutes” and amass millions, others intend to focus on research and technological development, and still others will simply retreat into the shadows. The authors, however, did not rule out the possibility that their names will continue to surface in future publications about cyberattacks on companies and government agencies, but emphasized that this does not mean they will remain active.
Despite the bombastic farewell manifesto, analysts are skeptical about the current situation. Black Duck warned that such statements should be taken with a grain of salt: they often only indicate a temporary retreat. BeyondTrust added that the story of GandCrab, which “left” in 2019 and returned as REvil, demonstrated that sensational announcements in the criminal world are rarely definitive. Bugcrowd emphasized that criminals are reorganizing or creating new structures, while iCOUNTER called such processes part of the normal underground cycle.
Therefore, the simultaneous “departure” of fifteen groups was a noteworthy event in the cybercrime world, but it by no means represents the true disappearance of the threat. Changing names and roles does not eliminate the ransomware phenomenon itself; it simply masks it, leaving companies and government bodies exposed to the same risks.
We apologize for our silence and the ambiguities of our message, whose sole recipients did not understand the profound meaning.
These 72 hours spent in silence have been important for us to speak with our families, our relatives, and to confirm the efficiency of our contingency plans and our intentions.
These 72 hours had hoped for a long time.
As you know, the last weeks have been hectic. While we were amusing you, the FBI, Mandiant, and a few others by paralyzing Jaguar factories, (superficially) hacking Google 4 times, blowing up Salesforce and CrowdStrike defenses, the final parts of our contingency plans were being activated.
You might or might not have realized, but our behavior evolved recently. When we entered into Google systems, we decided not to pursue over a certain point. In among others, we willingly left them in wonder of whether Google's Workspace, Person Finder, GMAIL including legacy branches got dominated.
This has been happening more and more, as we decided to progressively abandon some of our tools (Hello, Tutanota) and our correspondents to their own faith.
Will Kering, Air France, American Airlines, British Airlines, and among many other critical infrastructure face THE CONSEQUENCES OF THEIR PUBLIC OR SECRET data breaches? I'd wonder too if I was them, as they know some have yet to receive any demand for ransom - or anything else.
Are their data currently being exploited, whilst US, UK, AU, and French authorities fill themselves with the illusions thinking they have gotten the situation under control?
Do they know that we're observing them as they painfully try to upload their HD logos to the BF servers? How do they painfully try to convince judges that they have found, for the second time in a row, the real Hollow? As they claim to arrest members of the real dark forces, on the other side of the Mediterranean, to better protect the system and its real leaders?
Have they not realized we were everywhere?
Vanity is never but an ephemeral triumph. And manipulation of opinion is never anything else than vanity.
This is why we have decided that silence will now be our strength.
You may see our names in new data breach disclosure reports from the tens of other multi billion dollar companies that have yet to disclose a breach, as well as some governmental agencies, including highly secured ones, that does not mean we are still active.
Judicial decisions will keep on busy police officers, magistrates and journalists.
They will all be dead traces of the past.
We want to share a thought for the eight people that have been raided or arrested in relations to these campaigns, Scattered Spider and/or ShinyHunters groups since beginning on April 2024 and thereafter 2025, and especially to the four who are now in custody in France.
We want to expand our regrets to their relatives, and apologize for their sacrifice. Any State needs its scapegoat. Those carefully selected targets are the last collateral victims of our war on power, and the use of our skills to humiliate those who have humiliated, prey on those who have preyed. We have ensured that the investigations targeting them will progressively fall apart, and that their mild vanity sins will not inflict on them, long term consequences.
We have done so by ensuring that enough of our dirty laundry would hint to them, whilst keeping them away from any serious liability. We've learned this from the best. This fine, tightrope walker equilibrium, so few are capable of reaching, is taught on an every day basis at Langley.
This is the last lesson we wanted to share with you. Talent and skill is not everything. Planning and power rule the world.
We will not try to help anyone anymore, directly or indirectly, to establish their innocence.
We've decided to let go.
It is now time to offer you what you have been waiting for. The truth.
We LAPSUS$, Trihash, Yurosh, yaxsh, WyTroZz, N3z0x, Nitroz, TOXIQUEROOT, Prosox, Pertinax, Kurosh, Clown, IntelBroker, Scattered Spider, Yukari, and among many others, have decided to go dark.
Our objectives having been fulfilled, it is now time to say goodbye.
If you worry about us, don't. The most stupid (Yurosh, Intel - say hi, you poor La Santé impersonator) will enjoy our golden parachutes with the millions the group accumulated. Others will keep on studying and improving systems you use in your daily lives. In silence.
Others finally will just go gentle into that good night.
Thank you to everyone who has watched and stuck around.
Goodbye.