Security news aggregator

Latest coverage for Scattered Spider

Coverage of incidents attributed to Scattered Spider, with analysis of infrastructure, disruption efforts, and defensive guidance for organizations.

28 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Scattered Spider is a label used in public reporting for a loosely defined, financially motivated intrusion set. Attribution is not always consistent, and the name may encompass related operators rather than a single centralized organization. Reported activity has involved social engineering of help-desk staff, theft or takeover of credentials and MFA-recovery methods, and access to cloud, identity, or virtual-administration environments. These techniques can turn weaknesses in account-recovery procedures into privileged access without exploiting a software vulnerability.

The principal defensive concern is compromise of the identity-management plane. Organizations should require robust, independently verified help-desk identity checks; prefer phishing-resistant MFA for privileged and remote access; restrict and alert on MFA, password, SIM, and recovery-setting changes; and monitor identity-provider, VPN, cloud, and administrative logs for unusual authentication or privilege changes. Threat intelligence is most useful when it supports behavior-based detection rather than reliance on a fixed list of indicators. If suspected, preserve authentication and support-ticket records quickly and investigate linked accounts, sessions, tokens, and administrator actions.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 28 Filtered view
Bank Info Security 1 day, 22 hours ago

2 Young Hackers Jailed for Disrupting London Underground

Police Say Arrests 'Effectively Halted' Scattered Spider Cybercrime CollectiveTwo leaders of the Scattered Spider hacking group received 66-month jail sentences in Britain's biggest cybercrime prosecution to date, after they disrupted London's transport authority, causing $39 million in losses and recovery costs. How to deter young hackers remains an ongoing challenge.

Bank Info Security 1 week, 2 days ago

The Most Elusive Criminal Quality: Anonymity

Suspected Scattered Spider Member Reportedly Unmasked After Making Death ThreatHow did investigators unmask a 19-year-old suspected Scattered Spider extortionist? Amateur sleuths have highlighted Microsoft-gathered device telemetry in charging documents. But a researcher said he was quickly unmasked and tracked for years, after he sent her a death threat.

Anarchic Western Adolescent Hacking Groups Appear to Defy Easy CategorizationSome cybersecurity entities are groups, with office hours and vacation time. But others, such as Scattered Spider and other Com spinoffs, are largely comprised of adolescent hackers and extortionists, and often display more anarchic behavior that makes their efforts tougher to combat.

An On Demand video from ID DatawebScattered Spider continues to evolve, and organizations across financial services, healthcare, insurance, telecommunications, and other sectors are strengthening defenses against increasingly sophisticated identity-driven threats.

Tyler Buchanan Pleads Guilty to Conspiracy to Commit Wire Fraud and Identity TheftA senior figure in the Scattered Spider cybercrime group pleaded guilty to one count of conspiracy to commit wire fraud and one count of aggravated identity theft on Friday in US federal district court. The plea marks the conclusion of a digital crime spree by Tyler Robert Buchanan.

Bank Info Security 9 months, 3 weeks ago

Teenage Scattered Spider Suspect Arrested in Las Vegas

Juvenile Male Tied to Hack Attacks Against MGM Resorts and Caesars EntertainmentThe net continues to close on suspected members of the notorious ransomware-wielding group called Scattered Spider, with Las Vegas police announcing the arrest of a teenage, juvenile male suspect tied to 2023 attacks that hit MGM Resorts and Caesars Entertainment.

Bank Info Security 9 months, 4 weeks ago

Scattered Spider Sting: 2 English Teens Charged With Attacks

UK and US Charge Suspects With Hitting Transport for London, Healthcare, OthersTwo English teenagers have been charged with disrupting London's transport network as part of a Scattered Spider cyberattack. One of the suspects has also been accused by the U.S. of helping to attack 120 other victims, generating $115 million in ransom payments.

Recent, Targeted Attacks Suggest Undercut Group's Claimed 'Going Dark' RetirementElements of the notorious ransomware collective lately calling itself Scattered Lapsus$ Hunters appear to be targeting fresh victims, including a U.S. banking organization if not the sector at large, despite a member of the group claiming it would be "going dark" and retiring.

Bank Info Security 10 months, 3 weeks ago

Breach Roundup: Scattered Spider Hacker Gets 10 Years

Also: New 'Quishing' Tactics, Pro-Houthi Hacker Sentenced to 20 MonthsThis week, a Scattered Spider hacker sentenced, new squishing tricks, a pro-Houthi hacker gets 20 months in the United Kingdom, a Taiwanese web hosting provider hacked, the Business Council of New York and Ohio Medical Cannabis Center breached, North Korean hackers target Seoul and an Apple Patch.

CRM Breach May Be Tied to Ongoing Scattered Spider and ShinyHunters CampaignCloud software giant Workday said its customer relationship management software has been breached and customer data stolen. The alert comes as attackers continue to pose as employees to trick help desks into giving them direct access to a victim's Salesforce CRM instance.

Bank Info Security 11 months, 1 week ago

Scattered Spider and ShinyHunters' Next Move: Leaking Data

Extortionists Detail Fresh Victims, Although Sensitivity of Stolen Data UnclearExtortionists tied to the Scattered Spider and ShinyHunters hacking collectives have begun naming victims and leaking data via a new, dedicated Telegram channel. Many of the breaches appear to trace to social engineering attacks that gained attackers access to a victim's Salesforce instance.

Bank Info Security 11 months, 3 weeks ago

Scattered Spider Exploiting VMware vSphere

Hacking Tactics Linked to Retail, Airline CompromisesThe loosely connected band of adolescent cybercriminals tracked as Scattered Spider has joined the VMware hypervisor hacking bandwagon, pivoting into virtual servers through corporate instances of Active Directory. vSphere integration with Active Directory adds a yet another layer of insecurity.

Suspects Tied to April Ransomware Attacks Against Retailers M&S, Co-Op, HarrodsThe U.K.'s National Crime Agency on Thursday arrested in England four suspected members of the Scattered Spider cybercrime collective, as part of an ongoing investigation into major, disruptive hack attacks in April against major retailers Marks & Spencer, the Co-Op and Harrods.

Group Amassed Intelligence on CFO to Trick Help Desk and Gain Initial AccessHackers tied to the cybercrime group Scattered Spider have been taking down fresh victims, including a logistics firm first breached when attackers tricked its help desk, using personal information they amassed for the CFO, reports the security team that responded to the intrusion.

Experts Suspect Scattered Spider Is Behind Rash of Recent Insurer BreachesAflac is the latest insurance company dealing with a cyberattack. The company is investigating a cyber incident that did not involve ransomware encryption of its IT systems, but did potentially compromise data. Experts suspect Scattered Spider is behind the recent rash of insurance incidents.

Bank Info Security 1 year, 1 month ago

Scattered Spider Targeting American Insurance Firms

Hackers Posing as Help Desks and Call Centers to Target Victims, Google WarnsA hacking collective behind recent cyberattacks on major British retailers has pivoted to target U.S. insurance firms, warned Google. Scattered Spider, tracked as UNC3944 by Google, is a financially motivated threat group consisting largely of English-speaking adolescents.

Bank Info Security 1 year, 1 month ago

M&S Reportedly Hacked Using Third-Party Credentials

Scattered Spider Stole Tata Consulting Services Employee Login Details for HackBritish retailer Marks & Spencer was reportedly compromised by cybercrime group Scattered Spider using stolen employee credentials from a third-party IT company. Citing an unidentified source, Reuters reported hackers used the M&S login credentials of two Tata Consulting Services employees.

Loading more headlines...