Overview

• US authorities, supported by France’s cybercrime units, seized clear‑web infrastructure linked to the collective and displayed an FBI seizure notice.
• The group’s dark‑web leak site remains online, and its campaign targeting Salesforce‑hosted data continues despite the takedown.
• A pinned message set a deadline of 11:59 PM New York time on October 10 to leak data from companies that do not pay, with the hackers claiming roughly one billion records.
• Scattered Lapsus$ Hunters mocked the action on Telegram before the channel was locked down.
• The extortion effort follows a widespread social engineering campaign against Salesforce environments, and Salesforce has publicly refused to negotiate, with named victims including Qantas, Disney, McDonald’s and UPS.