U.S. cybersecurity and intelligence agencies have released a joint advisory about a cybercriminal group known as Scattered Spider that is known to employ sophisticated phishing tactics to infiltrate targets.
“Scattered Spider threat actors typically engage in data theft for extortion using multiple social engineering techniques and have recently leveraged BlackCat/ALPHV ransomware alongside their usual TTPs,” the agencies said.
The threat actor, also tracked under the monikers Muddled Libra, Octo Tempest, 0ktapus, Scatter Swine, Star Fraud, and UNC3944, was the subject of an in-depth profile from Microsoft last month, with the tech giant calling it “one of the most dangerous financial criminal groups.”
Considered experts in social engineering, Scattered Spider is known to rely on phishing, push bombing (MFA fatigue), and SIM swapping attacks to obtain credentials, install remote access tools, and bypass multi-factor authentication (MFA).
Scattered Spider, like LAPSUS$, is said to be part of a larger Gen Z cybercrime ecosystem that refers to itself as the Com (alternately spelled Comm), which has resorted to violent activity and swatting attacks.
A report from Reuters earlier this week revealed that the U.S. Federal Bureau of Investigation (FBI) is aware of the identities of at least a dozen members of the cybercrime gang.
One of the notable tricks in its arsenal is the impersonation of IT and help desk staff, using phone calls or SMS messages to target employees and gain elevated access to their networks.
Successful initial access is followed by the deployment of legitimate remote access and tunneling tools such as Fleetdeck.io, Ngrok, and Pulseway, as well as remote access trojans and stealers like AveMaria (aka Warzone RAT), Raccoon Stealer, and Vidar Stealer.
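Because the tunneling and remote-management tools named above are legitimate software, the detection question is less "is this binary present" than "is it sanctioned here, and is it running from where the sanctioned copy lives". The following Python script is an added example written for this article, not tooling from the advisory or from any of the vendors mentioned: it sweeps constructed Sysmon-style process-creation events (one JSON object per line, invented hosts, users and paths) for the tool names the advisory lists, downgrades hits that run from a hypothetical organisation's approved install directory, and escalates an ngrok `tcp <port>` invocation that exposes an interactive service. The binary names (ngrok.exe, fleetdeck.exe, Pulseway.exe, PulsewaySetup.exe) and the approved path are assumptions for the example; substitute the names and paths seen in your own telemetry.

```python
import json
import re

# Constructed sample process-creation events (Sysmon event 1 style, one JSON object
# per line). Hosts, users, paths and binary names are invented for this example.
SAMPLE_LOG = r"""
{"host": "WS-0412", "user": "CORP\\jdoe", "image": "C:\\Users\\jdoe\\AppData\\Local\\Temp\\ngrok.exe", "cmdline": "ngrok.exe tcp 3389"}
{"host": "WS-0412", "user": "NT AUTHORITY\\SYSTEM", "image": "C:\\Program Files\\Pulseway\\Pulseway.exe", "cmdline": "Pulseway.exe"}
{"host": "WS-0931", "user": "CORP\\asmith", "image": "C:\\Users\\asmith\\Downloads\\PulsewaySetup.exe", "cmdline": "PulsewaySetup.exe"}
{"host": "WS-0931", "user": "CORP\\asmith", "image": "C:\\Users\\asmith\\AppData\\Roaming\\fleetdeck.exe", "cmdline": "fleetdeck.exe"}
{"host": "WS-0500", "user": "CORP\\bwong", "image": "C:\\Windows\\System32\\notepad.exe", "cmdline": "notepad.exe notes.txt"}
this line is not JSON and must not abort the sweep
"""

# Tools the advisory names, with the substring used to spot them in the image path
# or command line. These patterns are assumptions; tune them to the real binary
# names your endpoints report.
WATCHLIST = {
    "ngrok": re.compile(r"ngrok", re.IGNORECASE),
    "fleetdeck": re.compile(r"fleetdeck", re.IGNORECASE),
    "pulseway": re.compile(r"pulseway", re.IGNORECASE),
}

# Remote-management tools this hypothetical organisation has sanctioned, and the
# install directory the sanctioned copy runs from. A watchlist hit outside that
# directory (a user's Downloads or AppData folder) is treated as unsanctioned.
APPROVED_PATHS = {
    "pulseway": "c:\\program files\\pulseway\\",
}

# "ngrok tcp <port>" publishes a local listener to the internet. Ports that give an
# attacker an interactive session are escalated to critical.
TUNNEL_RE = re.compile(r"\btcp\s+(\d{1,5})\b", re.IGNORECASE)
SENSITIVE_PORTS = {22, 3389, 5985, 5986}


def classify(event):
    """Return (tool, severity, detail) for one parsed event, or None if benign."""
    image = event.get("image", "")
    cmdline = event.get("cmdline", "")
    haystack = f"{image} {cmdline}"
    for tool, pattern in WATCHLIST.items():
        if not pattern.search(haystack):
            continue
        approved_dir = APPROVED_PATHS.get(tool)
        if approved_dir and image.lower().startswith(approved_dir):
            return tool, "info", "sanctioned remote management tool"
        tunnel = TUNNEL_RE.search(cmdline)
        if tunnel:
            port = int(tunnel.group(1))
            severity = "critical" if port in SENSITIVE_PORTS else "high"
            return tool, severity, f"tunnel exposing local port {port}"
        return tool, "high", "unsanctioned remote access tool"
    return None


def detect(lines):
    """Parse JSON event lines and return a finding dict for every watchlist hit."""
    findings = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed telemetry is skipped, not allowed to stop the sweep
        hit = classify(event)
        if hit is None:
            continue
        tool, severity, detail = hit
        findings.append({
            "host": event.get("host"),
            "user": event.get("user"),
            "image": event.get("image"),
            "tool": tool,
            "severity": severity,
            "detail": detail,
        })
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG.splitlines()):
        print(f"[{f['severity']:>8}] {f['host']} {f['user']} {f['tool']}: "
              f"{f['detail']} ({f['image']})")
```

Run against the constructed events, the sweep reports the ngrok RDP tunnel from a Temp directory as critical, the Pulseway agent under Program Files as informational, and the Pulseway installer in a Downloads folder and the FleetDeck binary in AppData as high. The approved-path check is the same idea as the application-control recommendation later in the article: a remote-management tool is only acceptable when it is the copy the organisation deployed, running from where it was deployed.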
Additionally, the English-speaking extortion crew leverages living-off-the-land (LotL) techniques to evade detection and move through compromised networks, with the ultimate goal of stealing sensitive information and demanding payment for it.
“The threat actors frequently join incident remediation and response calls and teleconferences, likely to identify how security teams are hunting them and proactively develop new avenues of intrusion in response to victim defenses,” the agencies noted.
As of mid-2023, Scattered Spider has also acted as an affiliate of the BlackCat ransomware gang, monetizing its access to victims through extortion-enabled ransomware and data theft.
The U.S. government is urging organizations to implement phishing-resistant MFA, enforce a recovery plan, maintain offline backups, and adopt application controls to prevent the execution of unauthorized software on endpoints.