Google is facing fresh cybersecurity tension after a hacker group known as Scattered LapSus Hunters issued a public ultimatum. The group is demanding the dismissal of two individuals linked to Google’s Threat Intelligence operations — Austin Larsen and Charles Carmakal. The threat follows a recent Salesforce-related data breach that has already exposed business contact details and sparked phishing attacks against Gmail users.
Who are the two employees?
The two names singled out by the hackers — Austin Larsen and Charles Carmakal — are associated with Google’s Threat Intelligence Group (TAG), which tracks malicious actors, probing their networks and disrupting coordinated cyberattacks. Larsen has been identified in past cybersecurity reports for his work on investigating cybercrime activity, while Carmakal is widely known in the industry as a senior incident response expert, previously linked with Mandiant, a firm acquired by Google in 2022. Both are part of ongoing efforts to protect Google’s platforms and users against organized digital threats.
Why is Google under pressure?
According to reports, Scattered LapSus Hunters want Google to halt its intelligence-gathering activities. In a Telegram post, the group warned it would leak sensitive records if its demands were not met. While the group claims to represent networks like Scattered Spider, LapSus, and ShinyHunters, there is no independent evidence yet that it has breached Google’s internal systems. Analysts suggest that naming individuals could be an intimidation tactic aimed at disrupting the company’s defenses rather than a sign of direct compromise.
Fallout from the Salesforce breach
The timing of the ultimatum coincides with phishing campaigns that followed the Salesforce breach. In August, attackers infiltrated Salesforce by impersonating IT support and deploying malware. This led to exposure of client names and business contact details — data now being repurposed for phishing and vishing attacks targeting Gmail users. Google has reassured customers that account passwords and private content remain unaffected, though it urged password resets as a precaution.
With phishing attempts now linked to nearly 37% of account hijacking incidents on its platforms, Google is under increasing pressure to safeguard users. The singling out of Larsen and Carmakal underlines how threat groups are shifting tactics — targeting not just companies but also the individuals defending them.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
