The group’s shift toward ransomware operations reportedly began in mid-2023, marking a notable change in its monetization strategies. As per Mandiant’s analysis, this shift implies that Scattered Spider’s target industries will continue to diversify. The group’s range of targets has already expanded beyond telecommunications and business process outsourcing (BPO) companies to encompass industries like hospitality, retail, media, entertainment, and financial services.
Phishing Kits and Ransomware Choice
Scattered Spider employs three phishing kits: Eightbait (utilized between late 2021 and mid-2022) and two unnamed kits that have been used more recently in parallel.