Scattered Spider Cybercrime Group Ramps Up Attacks, Targets 100 Companies

A recent report from Mandiant has shed light on the cybercrime group known as Scattered Spider, which is believed to have been responsible for a wave of cyberattacks, including those targeting Las Vegas casinos. The group’s activities have been notably prolific during its two-year existence.

Approximately 100 Companies Targeted

Mandiant’s findings suggest that Scattered Spider may have successfully targeted around 100 companies, with notable incidents including attacks on employees of Okta, a widely used employee identity solutions provider.

SMS Phishing and Phone-Based Social Engineering

Scattered Spider primarily employs SMS phishing and phone-based social engineering tactics. By duping individuals into divulging login credentials for company services, the group gains entry to endpoints, where it carries out malicious activities ranging from data theft to the deployment of ransomware.

Shift Towards Ransomware Operations

The group’s shift toward ransomware operations reportedly began in mid-2023, marking a notable change in its monetization strategies. As per Mandiant’s analysis, this shift implies that Scattered Spider’s target industries will continue to diversify. The group’s range of targets has already expanded beyond telecommunications and business process outsourcing (BPO) companies to encompass industries like hospitality, retail, media, entertainment, and financial services.

Phishing Kits and Ransomware Choice

Scattered Spider employs three phishing kits: Eightbait (used between late 2021 and mid-2022) and two unnamed kits that have been used in parallel more recently.

For ransomware, the group has opted for BlackCat, also known as ALPHV, a ransomware-as-a-service (RaaS) provider. ALPHV is notorious for its involvement in numerous high-profile ransomware attacks. Scattered Spider’s use of ALPHV suggests a connection to the broader ransomware ecosystem, in which ransomware operators provide affiliates with access to the ransomware along with support services such as infrastructure and extortion assistance.

Scattered Spider’s cyber activities continue to pose a significant threat across various industries, emphasizing the importance of cybersecurity vigilance for organizations and individuals alike.