A new hacker collective has made headlines after issuing a direct ultimatum to Google, demanding the dismissal of two of the company’s top security personnel. The demand comes on the heels of a recent breach warning, and it has thrown the tech giant into a fresh wave of controversy over its handling of cybersecurity threats.
The group, calling itself “Scattered LapSus Hunters,” claims responsibility for a breach that targeted systems linked to Google’s business operations. In an unusual twist, rather than seeking money or leaking stolen data immediately, the hackers are pressuring Google to take internal disciplinary action—specifically, to terminate two individuals from its Threat Intelligence Group.
A New Kind of Threat
The hackers’ ultimatum is not the typical ransom note demanding payment in cryptocurrency. Instead, they are demanding that Google fire two specific security researchers they say are interfering with their activities. The group has threatened to release sensitive internal data if the company refuses to comply.
Although these claims have yet to be independently verified, the nature of the threat marks a shift in how cybercriminals are trying to exert influence. This isn’t just about stealing data—it’s about power, intimidation, and disrupting the people actively working to dismantle criminal networks.
The group behind the threats appears to be a hybrid of known cybercriminal factions, blending techniques such as social engineering, phishing, and system infiltration. Their tactics are designed not only to compromise security infrastructure but to create fear and confusion within the organizations they target.
The Alleged Breach
Google recently acknowledged a data security incident involving a third-party system connected to its enterprise services. While the company stressed that its core systems and user data were not compromised, hackers were reportedly able to obtain business contact information, which has since been used in targeted phishing campaigns.
This breach appears to have been facilitated by sophisticated voice phishing techniques—known as “vishing”—where attackers impersonate legitimate entities to manipulate employees into revealing login credentials or granting system access. The hackers claim to have obtained internal documents, communications, and access credentials. However, no concrete evidence has been publicly shared.
The timing of the ultimatum suggests the group is leveraging the publicity surrounding the breach to gain maximum visibility and pressure Google into responding on their terms.
The Employees in the Crosshairs
The two individuals named in the hackers’ demands are known members of Google’s internal security team, credited with investigating and tracking major threat actors. By targeting them specifically, the hackers are attempting to neutralize what they perceive as a direct threat to their operations.
Such personal targeting of cybersecurity professionals represents a disturbing escalation. It reflects a broader trend where threat actors seek to intimidate not just institutions, but individual defenders who work behind the scenes to protect digital infrastructure.
Cybersecurity professionals and industry insiders are expressing concern that this tactic, if successful, could encourage more personalized attacks on defenders across other companies and industries.
Google’s Position
So far, Google has remained tight-lipped about the specifics of the situation. The company has not confirmed whether the threats are credible or if the targeted individuals remain actively involved in related investigations. However, sources close to the company suggest that Google has no intention of bowing to demands from criminal actors.
Internally, the company is said to be tightening its protocols, reviewing third-party access, and enhancing protections around sensitive investigative teams. Staff have reportedly been briefed on increased social engineering threats, and additional support has been extended to teams that may be targeted by similar tactics.
The lack of a direct public response from Google may be strategic, as responding publicly could validate the hacker group’s demands or inflate their credibility.
What This Means for Users
For the average user, there is no immediate indication that their Gmail accounts or personal data have been accessed as part of this incident. However, the broader threat landscape suggests that phishing campaigns using stolen business contacts could be on the rise.
Users are encouraged to stay alert for suspicious emails, especially those that attempt to impersonate legitimate companies or Google representatives. Two-factor authentication, passkeys, and strong passwords remain essential tools in defending personal accounts from compromise.
Even in the absence of leaked user data, incidents like this highlight the indirect ways in which user security can be put at risk—through impersonation, fraud, and reputation attacks against trusted services.
A Broader Security Trend
This event is not isolated. Cybercrime is evolving rapidly, and hacker groups are increasingly turning toward bold, public tactics to disrupt corporate security efforts. Rather than hiding in the shadows, they are using social media, messaging platforms, and even public forums to broadcast threats and demands.
The rise of groups that combine forces and skills from different cybercrime communities makes tracking and neutralizing them more difficult. Their goals are no longer limited to financial gain; some are pursuing ideological, reputational, or strategic motives.
By going after the people inside companies, these groups are shifting the battleground—from the data itself to the defenders.
Conclusion
The ultimatum issued to Google by Scattered LapSus Hunters represents a disturbing escalation in cybercrime tactics—one that combines psychological warfare, public pressure, and personal targeting. Whether the group actually has access to sensitive Google data remains to be seen, but the threat itself is symbolic of a new age in cybersecurity.
Google now faces a tough challenge: continuing its investigations without capitulating to public threats, while reassuring both employees and users that its systems—and its people—remain secure.
Regardless of how this standoff plays out, one thing is clear: cybersecurity is no longer just about protecting data. It’s about protecting the people who protect the data—and that may be the next front line in the digital war.
