A hacker collective identifying itself as the Scattered LapSus Hunters has issued a direct threat to Google, demanding the termination of two of the company’s security employees. The group claims it will leak internal data unless Google complies.
The threat was first reported after a Telegram post from the group surfaced online. In the post, the Scattered LapSus Hunters demanded that Google dismiss two members of its Threat Intelligence team and cease investigations into their activities.
The names of the employees were not disclosed. No evidence of a breach has been provided by the group, as reported by WION.
Origins of the Hacker Collective
The Scattered LapSus Hunters present themselves as an alliance of three known cybercriminal groups: Scattered Spider, LapSus$, and ShinyHunters. Each of these groups has a history of high-profile cyberattacks.
- Scattered Spider is linked to social engineering and ransomware operations.
- LapSus$ has previously breached Microsoft, NVIDIA, and other tech firms.
- ShinyHunters is known for stealing and selling data from platforms such as Wattpad and Tokopedia.
It is unusual for hacker groups to demand the firing of specific employees, which suggests the group may be targeting individuals who are actively working to expose or disrupt their operations.
Recent Breach via Salesforce Vendor
The threat follows a recent incident in August involving one of the hacker collectives, which accessed data from Salesforce, a third-party vendor that provides services to Google. While core Google systems were not compromised, the attackers obtained business contact data.
In response, Google issued a global password reset advisory to its 2.5 billion Gmail users, citing a rise in phishing and voice phishing (“vishing”) attempts using the stolen Salesforce data.
Despite this event, there is no indication that Google’s internal systems have been breached. The company has not confirmed any compromise nor responded to the latest demand from the Scattered LapSus Hunters.
Security Implications and Company Response
Google has not issued a public statement regarding the ultimatum. As of now, the company appears to be withholding any official response until verifiable evidence emerges.
Complying with such demands, especially the firing of named employees, would be unprecedented and could encourage similar extortion attempts in the future.
If the Scattered LapSus Hunters eventually release credible proof of access, Google may be forced to respond with public disclosures and containment measures. Until then, the incident remains a high-profile test of how large tech companies handle threats without validation.
The Cyber Express is closely monitoring the situation, and we’ll update this post once we have any official communication or statement from the company.
