Cyber Threat Actor: Scattered Lapsus Hunters
| Actor Type | Location | Known Incidents |
Sensationalist
|
—
|
2 incidents |
|---|
Profile
Scattered Lapsus$ Hunters is the name used by a threat actor that claimed responsibility for a second intrusion into the European Space Agency after an initial breach involving a hacker using the alias '888'. The group first became known through its claim of stealing an additional five hundred gigabytes of data from the agency. No other aliases for the collective are mentioned in the available sources. The group’s claim of responsibility surfaced in December 2025 following the initial breach.
The intrusion focused on the European Space Agency, a European governmental organization responsible for space exploration and research. The stolen material included source code, API tokens, credentials, SQL files, operational procedures, spacecraft and mission details, subsystem documentation, and proprietary contractor data from partners such as SpaceX, Airbus and Thales Alenia Space. Employee email credentials from the agency were later observed on dark web forums, which the agency linked to poor cyber hygiene and the use of infostealer malware. The agency confirmed that a criminal investigation is underway regarding the compromise. The group’s claim of responsibility surfaced in December 2025 following the initial breach.
The reporting does not name any specific malware families beyond the generic reference to infostealer tools used in the compromise. No additional tooling, exploit frameworks, or post‑exploitation utilities are described in the available sources. The actor’s activity is therefore characterized solely by the credential‑theft method that led to the observed breach. No public linkage to a state sponsor, criminal syndicate, or other affiliation has been established for Scattered Lapsus$ Hunters. The agency warned that while the leaked data does not presently pose an immediate threat, aggregation of the stolen information could facilitate future attacks. To date, the European Space Agency incident remains the only publicly reported operation attributed to Scattered Lapsus$ Hunters.