Be aware of the Gen Z Cybercrime Ecosystem facilitated by Scattered Spider.

A combined statement from U.S. cybersecurity and intelligence organisations warns of a cybercriminal gang called Scattered Spider that uses sophisticated phishing tactics to breach targets.

"Scattered Spider threat actors typically engage in data theft for extortion using multiple social engineering techniques and have recently leveraged BlackCat/ALPHV ransomware alongside their usual TTPs," according to the authorities.

Microsoft published a detailed description of the threat actor, also known as Muddled Libra, Octo Tempest, 0ktapus, Scatter Swine, Star Fraud, and UNC3944, last month and labelled it as "one of the most dangerous financial criminal groups."


Scattered Spider is a group of hackers regarded as experts in social engineering because of their use of phishing, prompt bombing, and SIM swapping attacks to steal sensitive information, gain unauthorised access to networks, and circumvent multi-factor authentication (MFA).

Like LAPSUS$, Scattered Spider has been linked to a wider Gen Z cybercrime ecosystem known as the Com (sometimes spelt Comm) that has resorted to aggressive activities and swatting attacks.

According to a Reuters article published earlier this week, the FBI in the United States has information on at least a dozen members of the cybercrime ring.

One of the best-known tactics in its repertoire is impersonating IT and help desk staff, using phone calls or SMS messages to target employees and gain elevated access to the networks.

After gaining access, the group deploys malicious remote access trojans and stealers like AveMaria (aka Warzone RAT), Raccoon Stealer, and Vidar Stealer, along with legitimate remote access tunnelling programmes like Ngrok and Pulseway.


Furthermore, the English-speaking extortion gang employs living-off-the-land (LotL) techniques to evade detection and move through compromised networks, with the eventual aim of stealing sensitive information to extort a payment.

"The threat actors frequently join incident remediation and response calls and teleconferences, likely to identify how security teams are hunting them and proactively develop new avenues of intrusion in response to victim defences," according to the authorities.

Scattered Spider has been an affiliate of the BlackCat ransomware gang since the middle of 2023, allowing the latter to profit from their access to victims through extortion-enabled ransomware and data theft.

The United States government recommends that businesses establish application restrictions, a recovery plan, offline backups, and multi-factor authentication (MFA) that is resistant to phishing attacks.
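For the prompt bombing technique mentioned above, one way a defender could flag it in MFA push logs is sketched below. This is an added example, not part of the original article or the government advisory; the event schema, the window and threshold values, and the sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push events (hypothetical schema: time, user, result).
SAMPLE_EVENTS = [
    ("2023-11-20T02:14:05", "alice", "denied"),
    ("2023-11-20T02:14:40", "alice", "timeout"),
    ("2023-11-20T02:15:10", "alice", "denied"),
    ("2023-11-20T02:15:55", "alice", "timeout"),
    ("2023-11-20T02:16:30", "alice", "denied"),
    ("2023-11-20T02:17:02", "alice", "approved"),  # approval right after a burst
    ("2023-11-20T09:00:00", "bob", "denied"),      # single mistap, then approval
    ("2023-11-20T09:00:20", "bob", "approved"),
    ("2023-11-20T10:00:00", "carol", "denied"),
    ("2023-11-20T10:01:00", "carol", "denied"),
    ("2023-11-20T10:02:00", "carol", "timeout"),
    ("2023-11-20T10:03:00", "carol", "denied"),    # burst, no approval yet
]

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 4                   # assumed count of unapproved prompts that is abnormal

def detect_prompt_bombing(events, window=WINDOW, threshold=THRESHOLD):
    """Return (user, time, severity, prompt_count) alerts.

    "medium": a burst of denied/timed-out prompts is in progress.
    "high":   an approval followed the burst, so the user may have given in.
    """
    recent = defaultdict(deque)  # user -> times of recent unapproved prompts
    alerted = set()              # users already alerted for the current burst
    alerts = []
    for ts, user, result in sorted(events):
        now = datetime.fromisoformat(ts)
        q = recent[user]
        while q and now - q[0] > window:  # drop prompts outside the window
            q.popleft()
        if len(q) < threshold:
            alerted.discard(user)
        if result in ("denied", "timeout"):
            q.append(now)
            if len(q) >= threshold and user not in alerted:
                alerts.append((user, ts, "medium", len(q)))
                alerted.add(user)
        elif result == "approved":
            if len(q) >= threshold:
                alerts.append((user, ts, "high", len(q)))
            q.clear()
            alerted.discard(user)
    return alerts
```

A "high" alert is the case to triage first: the session created by that approval should be reviewed and revoked if the user did not initiate the sign-in.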

