- SLSH recruits women to increase the effectiveness of social engineering at IT helpdesks
- Applicants are paid between $500 and $1,000 per call depending on success
- Participants must pass screening questions and follow a scripted set of instructions
The infamous hacker group Scattered Lapsus$ Hunters, also known as SLSH, is reportedly recruiting women to improve the effectiveness of their social engineering operations.
Telegram posts dated Feb. 22 and collected by Dataminr indicate the group offers payments between $500 and $1,000 per call, depending on “success and hit rate.”
Applicants are asked to contact the group’s “Support” account, answer screening questions and, if accepted, follow a prepared script during calls.
Recruitment process and call structure
The goal appears to be to trick IT help desk workers into providing login credentials that can later be used to gain access to the company’s network, which is consistent with the group’s known methods of manipulating internal support teams into resetting passwords or bypassing authentication procedures.
Experts who have monitored calls linked to associated actors describe the techniques as structured and effective.
“This recruitment represents a calculated evolution in SLH’s tactics,” said Jeanette Miller-Osborn, field cyber intelligence officer at Dataminr.
“By specifically seeking female voices, the group is likely aiming to bypass the ‘traditional’ profiles of attackers that IT help desk workers may be trained to identify, thereby increasing the effectiveness of their impersonation efforts.”
SLSH’s latest campaign follows previous public recruitment efforts conducted through Telegram.
In October 2025, the group offered $10 in Bitcoin to anyone willing to “endlessly harass” leaders of organizations it was trying to extort.
“You are authorized to endlessly harass these leaders until they comply with us,” the announcement read, adding that the activity would be “centralized and well-run.”
When asked about participation levels, the group claimed it had “virtually paid out over $1,000 at this point,” although that figure could not be independently verified.
The shift towards paid voice emulation suggests continued reliance on outsourced participants rather than tightly controlled internal operations.
The recruitment activity comes amid ongoing criminal pressure on major brands.
ShinyHunters claimed to have obtained 1.7 million CarGurus records and individually claimed Panera Bread as a victim of stolen credentials.
Ransomware attacks have continued to rise in 2025, with gangs re-emerging under new names despite previous disruptions.
Miller-Osborn recommends that organizations make their help desks aware of these changing tactics and ensure that identities are verified through video calls or secondary internal verification.
Strengthening internal firewall rules and enforcing identity theft protections can help address this threat.
Implementing strict malware removal procedures can also reduce exposure if credentials are compromised.
Cyber fraud continues to thrive despite global raids, and the commercialization of social engineering with auditions and performance-based pay shows that criminals rely more on human manipulation than technical intrusion.
Via The register
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
