Scattered Spider


Scattered Spider, a hacking group also tracked as UNC3944, Scatter Swine, or Muddled Libra, has gained notoriety in the cybersecurity world for its sophisticated intrusions. The group, consisting mostly of individuals aged 19 to 22, has been active since at least May 2022 and is believed to be based primarily in the United States and the United Kingdom. Its methods include SIM-swap scams, multi-factor authentication (MFA) fatigue attacks (sending a user push prompt after push prompt until they approve one just to make it stop), and phishing via SMS and Telegram. Once on a Windows host, the group has loaded a known-vulnerable Intel Ethernet diagnostics driver (CVE-2015-2291) in a bring-your-own-vulnerable-driver (BYOVD) attack, using the resulting kernel access to terminate security software and evade detection.
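
MFA fatigue leaves a distinctive trace in identity-provider audit logs: a burst of push prompts for one user, several denials, and then an approval. The script below is an added example, not code from the article or from any IdP vendor; it runs a simple sliding-window detector over constructed, generic push-authentication log lines (the CSV layout and event names `push.sent`, `push.denied`, `push.approved` are assumptions, not a real product's schema) and raises the severity when an approval follows recent denials, which is the moment the attacker actually gets in.

```python
"""Detect MFA push-fatigue (prompt bombing) in push-authentication audit logs.

Added example; the log format below is constructed and the field layout
(timestamp,user,event,source_ip) and event names are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one user bombed with five prompts in under three
# minutes who finally approves; one user with a normal single login.
SAMPLE_LOG = """\
2023-09-11T02:00:05Z,alice@corp.example,push.sent,203.0.113.7
2023-09-11T02:00:06Z,alice@corp.example,push.denied,203.0.113.7
2023-09-11T02:00:40Z,alice@corp.example,push.sent,203.0.113.7
2023-09-11T02:00:45Z,alice@corp.example,push.denied,203.0.113.7
2023-09-11T02:01:10Z,alice@corp.example,push.sent,203.0.113.7
2023-09-11T02:01:12Z,alice@corp.example,push.denied,203.0.113.7
2023-09-11T02:01:50Z,alice@corp.example,push.sent,203.0.113.7
2023-09-11T02:02:30Z,alice@corp.example,push.sent,203.0.113.7
2023-09-11T02:02:33Z,alice@corp.example,push.approved,203.0.113.7
2023-09-11T09:15:00Z,bob@corp.example,push.sent,198.51.100.20
2023-09-11T09:15:04Z,bob@corp.example,push.approved,198.51.100.20
"""


def parse_log(text):
    """Parse CSV lines into (timestamp, user, event, source_ip) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, event, src_ip = line.split(",")
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event, src_ip))
    return events


def detect_push_fatigue(events, window=timedelta(minutes=5), threshold=3):
    """Return {user: finding} for users who received >= threshold push prompts
    inside any `window`. Severity is 'high' when an approval lands within
    `window` after a denial, i.e. the user gave in after saying no."""
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev[1]].append(ev)

    findings = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e[0])
        sent_times = [e[0] for e in evs if e[2] == "push.sent"]

        # Sliding window over prompt timestamps: largest burst within `window`.
        max_in_window, start = 0, 0
        for i, t in enumerate(sent_times):
            while t - sent_times[start] > window:
                start += 1
            max_in_window = max(max_in_window, i - start + 1)
        if max_in_window < threshold:
            continue

        denials = [e[0] for e in evs if e[2] == "push.denied"]
        approved_after_denial = any(
            e[2] == "push.approved"
            and any(timedelta(0) <= e[0] - d <= window for d in denials)
            for e in evs
        )
        findings[user] = {
            "pushes_in_window": max_in_window,
            "denials": len(denials),
            "approved_after_denial": approved_after_denial,
            "severity": "high" if approved_after_denial else "medium",
            "source_ips": sorted({e[3] for e in evs}),
        }
    return findings


if __name__ == "__main__":
    for user, finding in detect_push_fatigue(parse_log(SAMPLE_LOG)).items():
        print(user, finding)
```

Tune `threshold` and `window` to the baseline of your own environment; the useful follow-up on a 'high' finding is to check whether the approving session came from the same source as the prompts and to revoke it, since number-matching or phishing-resistant MFA (FIDO2/WebAuthn) removes this attack class entirely.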

Scattered Spider has been responsible for several high-profile breaches, including attacks on Caesars Entertainment and MGM Resorts International, two of the largest casino and gambling companies in the U.S. They gained access to these companies' internal systems through social engineering, bypassing MFA by persuading staff to hand over login credentials and one-time passcodes. In the case of Caesars Entertainment, they extracted driver's license numbers and possibly Social Security numbers of a significant number of customers, and Caesars paid a ransom of about $15 million, half of the group's original demand.

The group's alliance with ALPHV/BlackCat, a Russia-based ransomware-as-a-service operation, has further expanded its capabilities. The collaboration lets Scattered Spider encrypt and lock systems with BlackCat's ransomware and then extort victims for payment. Their operations are characterized by exploiting human weaknesses: tricking employees into handing over credentials, then installing remote-access trojans (RATs) and remote-monitoring tools to steal data and to watch the victim's incident-response efforts as they unfold. The alliance has emboldened both sides, and BlackCat affiliates have been tied to major attacks on entities like oil giant Shell and the Costa Rican government.

See also: BlackCat / ALPHV: A New Age Ransomware Menace

The group, also known by aliases such as 0ktapus, Starfraud, and Octo Tempest, has been linked to breaches of companies including MailChimp, Reddit, and Twilio. Its initial-access tradecraft rests almost entirely on social engineering rather than software exploits. The FBI and cybersecurity experts have urged organizations to strengthen their defenses: deploy phishing-resistant MFA, harden email security, segment networks, keep systems patched, and build detections for the MITRE ATT&CK techniques listed in the joint FBI/CISA advisory. Robust data recovery plans and offline backups are also recommended so that operations can be restored after an attack.

Reference: Scattered Spider | CISA (joint FBI/CISA advisory)

In summary, Scattered Spider exemplifies a new breed of cybercriminals who are not only technologically adept but also skilled in exploiting human psychology to gain unauthorized access. Their alliances with other ransomware groups and their ability to adapt and evolve their tactics make them a significant threat in the cybersecurity landscape.
