Cybersecurity Agency Warns About Hacking Collective
November 27, 2023
The Cybersecurity and Infrastructure Security Agency and the FBI have issued a joint advisory about Scattered Spider, a loose collective of teenage Russian hackers that now collaborates with a ransomware operation known as ALPHV/BlackCat, according to an article in BleepingComputer.
Scattered Spider includes proficient English speakers. It relies on phishing, multi-factor authentication bombing, and SIM swapping to gain access to large organizations.
Research about the group’s methods indicates that between them, its members have knowledge of many areas of cybercrime, including social engineering and hacking, SIM swapping, phishing, and bypassing login protections.
In September, Scattered Spider attacked MGM Casino and Caesars Entertainment in Las Vegas, using the BlackCat/ALPHV locker to encrypt systems.
Caesars quickly negotiated a $15 million ransom payout. MGM refused to pay, and lost 10 days of casino and hotel operations, which added up to tens of millions of dollars in lost revenue.
Past activity from the same ransom attackers includes hacks of MailChimp, Twilio, DoorDash, and Riot Games. An October report by Microsoft said that they are among the most dangerous of financial criminal groups, and have been known to resort to violent threats to achieve their goals.
Attacks by Scattered Spider have been tracked for months. A report published by cybersecurity company Group-IB documented a spree of attacks last summer meant to steal Okta identity credentials and 2FA codes.
In December 2022, CrowdStrike profiled Scattered Spider, calling it a financially motivated group that targets telecom companies, using high-level social engineering tactics, defense reversal, and a rich set of software tools.
According to Reuters, the FBI knows the identities of at least 12 members of the group, but none have been indicted or arrested.