Small triangle design

Scattered Spider and ShinyHunters aren’t New Video Games

October 7, 2025

If you’re running a dealership, you’ve probably got enough on your plate: inventory, customer service, compliance, driving foot traffic, and keeping your digital tools up to date. But there’s a new kind of threat creeping into the industry, and it’s not just targeting the big guys anymore.

Meet the emerging cybercrime collectives like Scattered Spider and ShinyHunters, names that sound like video game characters but operate more like con artists with keyboards. These groups are bold, fast-moving, and increasingly focused on disrupting operations, stealing data, and extorting businesses. And yes, dealerships are absolutely on their radar.

Who Are These Groups?

Scattered Spider is known for aggressive social engineering, especially vishing (voice phishing). They impersonate IT staff to trick employees into handing over credentials. ShinyHunters is a group of experts in credential theft and exploiting third-party software vulnerabilities. They’ve targeted Salesforce environments and luxury retailers, often using access token abuse to bypass multi-factor authentication. Together, they’ve formed a loose alliance—sometimes called “Scattered Lapsus$ Hunters”—and have claimed responsibility for recent attacks on Jaguar Land Rover and Bridgestone Americas, disrupting production and retail operations. They use advanced AI tools to clone familiar voices or reproduce emails that are indiscernible from legitimate emails from trusted partners.

These groups don’t just steal data; they aim to cripple operations, lock down systems, and demand ransom. And they’re not shy about flaunting their success on Telegram channels, taunting victims and law enforcement alike. They crave notoriety as much as they do money!

How Do They Get In?

Here’s the playbook they often use:

  • Vishing & Impersonation: They call employees pretending to be IT support, asking them to “verify” login details or install a “security patch.”
  • OAuth Token Abuse: They trick users into connecting malicious apps to platforms like Salesforce, giving them backdoor access to CRM data.
  • Third-Party Exploits: They find vulnerabilities in vendor software (like SAP NetWeaver) and use it to infiltrate dealership systems.
  • Credential Stuffing: They use leaked passwords from other breaches to access dealership accounts that reuse credentials.

What Dealerships Can Do—Starting Today

You don’t need to invest a lot of money to make a big impact. Here are simple, high-impact actions your team can take right now:

  • Run a 15-Minute Awareness Huddle: Brief your team on vishing and impersonation tactics. Use real-world examples to make it stick.
  • Pause Before You Click or Answer: If someone calls claiming to be IT, verify their identity through internal channels. Don’t trust the caller ID alone.
  • Use Unique Passwords: Never reuse passwords across systems. Use a password manager if needed.
  • Report Suspicious Activity: If something feels off—an odd email, a strange login prompt—report it. Early detection is key.
  • Enable MFA Everywhere: Multi-factor authentication should be on for email, CRM, inventory systems, and anything cloud-based.
  • Create a “Red Flag” List: Document what suspicious activity looks like (e.g., login attempts at odd hours, password reset requests) and share it with staff.

Building a Cyber-Resilience Culture in your dealership gives everyone a mission to protect their dealership; celebrate when someone reports a phishing attempt, it’s a win! Make cybersecurity part of onboarding, and it establishes the right expectations from the start. Don’t shame mistakes; use them as teachable moments. None of this comes naturally; we must learn and grow as a team.

Dealerships are increasingly digital. From CRM systems to inventory platforms, your business runs on data. Groups like Scattered Spider aren’t just after the big OEMs; they’re targeting the entire supply chain. That includes you.

By taking small, smart steps today, you’re not just protecting your business; you’re building trust with your customers and resilience across your dealership. Accelerate2Compliance can help you build a culture of security in your dealership and make you a hard target, resilient to these clever cyber criminals. Contact us to learn more!

Speaker Profile Picture of Matthew Vatter

Matt Vatter

Chief Compliance Officer, Accelerate2Compliance

Small triangle design

Why A2C?

Compliance is an incredibly complicated topic, but our solution is the opposite of complicated: it’s just simple. We take the complexities of information security compliance and simplify them, so you can know what you need to do, do it efficiently, then get back to doing what you do best. You’ll get everything you need from us, and that’s all – you will not be paying for extras you DON’T need. We know what we’re doing. As you begin your information security compliance journey with A2C, you can rest assured you’ll be headed down the road to compliance.

Is A2C Right for You?

Find Out With This Quick Q&A

Take the Quiz

Let's Talk

Still need help? Let’s talk! You’ll learn how easy our product is to use and scale, and how we can save you time, money, and stress.

Address:
605 North Highway 169, Suite 250
Plymouth, MN 55441


+1-844-637-5511


Sales:
[email protected]
Support:
[email protected]

To top