Brit Scattered Spider duo handed tickets to prison over Transport for London attack
Sentencing bookends the biggest cybercrime conviction in UK history
Coverage of incidents attributed to Scattered Spider, with analysis of infrastructure, disruption efforts, and defensive guidance for organizations.
Search across headline titles and summaries.
Background for this topic.
Scattered Spider is a label used in public reporting for a loosely defined, financially motivated intrusion set. Attribution is not always consistent, and the name may encompass related operators rather than a single centralized organization. Reported activity has involved social engineering of help-desk staff, theft or takeover of credentials and MFA-recovery methods, and access to cloud, identity, or virtual-administration environments. These techniques can turn weaknesses in account-recovery procedures into privileged access without exploiting a software vulnerability.
The principal defensive concern is compromise of the identity-management plane. Organizations should require robust, independently verified help-desk identity checks; prefer phishing-resistant MFA for privileged and remote access; restrict and alert on MFA, password, SIM, and recovery-setting changes; and monitor identity-provider, VPN, cloud, and administrative logs for unusual authentication or privilege changes. Threat intelligence is most useful when it supports behavior-based detection rather than reliance on a fixed list of indicators. If suspected, preserve authentication and support-ticket records quickly and investigate linked accounts, sessions, tokens, and administrator actions.
Weekly headline count for the current query.
Sentencing bookends the biggest cybercrime conviction in UK history
Along with other telemetry, Windows GDID makes online activity more traceable
Tyler Buchanan admits role in scheme that stole at least $8 million in virtual currency A Scottish man linked to the Scattered Spider cybercrime crew has pleaded guilty in the US to a phishing and SIM-swap scheme that stole at least $8 million in cryptocurrency.…
Washington content to be represented by actual empty chairs RSAC 2026 Back in the day (circa 2023) when cybercrime group Scattered Spider and its help-desk voice-phishing calls were a relatively new threat, the feds considered pulling the government's top cyber-threat hunters and their private-sector counterparts into one room to share information, in real time, about this loosely knit extortion ring that was terrorizing enterprises.…
Not old enough to drink, old enough to be accused of causing millions in damage A teen surrendered to Las Vegas police and was booked on suspicion of breaking into multiple Las Vegas casino networks in 2023, as part of a series of hacks attributed to Scattered Spider.…
Bad opsec Thalha Jubair, one of the two UK teens arrested on Tuesday and accused of being members of the notorious Scattered Spider cybercrime gang, allegedly played a role in bilking more than 100 organizations out of at least $115 million in ransom payments. The cops nabbed him after following a number of clues, including paying for gift cards from a wallet on the same server that also held wallets receiving extortion payments.…
Decisive action comes nearly a year after the attack and first arrest took place Two teenagers are set to appear in court today after being charged with offences related to the cyberattack on Transport for London (TfL) in August 2024.…
You didn't really trust the crims to keep their word, did you? Spiders don't change their stripes. Despite gang members' recent retirement claims, Scattered Spider hasn't exited the cybercrime business and instead has shifted focus to the financial sector, with a recent digital intrusion at a US bank.…
PLUS: China's Great Firewall springs a leak; FBI issues rare 'Flash Alert' of Salesforce attacks; $10m bounty for alleged Russian hacker; and more Infosec In Brief 15 ransomware gangs, including Scattered Spider and Lapsus$, have announced that they are going dark, and say no more attacks will be carried out in their name.…
Scattered Spider, ShinyHunters, and Lapsus$ spent the weekend bragging to each other on a Telegram channel Prolific cybercrime collectives Scattered Spider, ShinyHunters, and Lapsus$ appear to have come together in a new Telegram channel that shares news of their exploits.…
New malware, even better social engineering chops The FBI and a host of international cyber and law enforcement agencies on Tuesday warned that Scattered Spider extortionists have changed their tactics and are now breaking into victims' networks using savvier social engineering techniques, searching for organizations' Snowflake database credentials, and deploying a handful of new ransomware variants, most recently DragonForce. …
Dare we suggest Scattered Spider has poisoned another carrier? US carrier Alaska Airlines has grounded its fleet due to an unspecified IT issue.…
Keep It Simple, Stupid Interview Scattered Spider and Iranian government-backed cyber units have more in common than a recent uptick in hacking activity, according to Ariel Parnes, a former colonel in the Israeli Defense Forces' cyber unit 8200.…
Supermarket announces white hat education scheme as four suspects released on bail Co-op Group's chief executive officer has confirmed that all 6.5 million of the organization's members had their data stolen during its April cyberattack - Scattered Spider is believed to be behind the digital heist.…
Plus: Qantas makes contact with 'potential cyber criminal' While the aviation industry has borne the brunt of Scattered Spider's latest round of social engineering attacks, the criminals aim to catch manufacturing and medical tech companies — and even Chipotle Mexican Grill — in tjeor web, as evidenced by hundreds of domains that security researchers say look a lot like phishing websites used by the criminal crews.…
Time ticking for defenders as social engineering pros weave wider web Just a few weeks after warning about Scattered Spider's tactics shifting toward the insurance industry, the same experts now say the aviation industry is now on the ransomware crew's radar.…
If it looks like a duck and walks like a duck... Aflac is the latest insurance company to disclose a security breach following a string of others earlier this week, all of which appear to be part of Scattered Spider's most recent data theft campaign.…
Google threat analysts warn the team behind the Marks & Spencer break-in has moved on Cyber-crime crew Scattered Spider has infected US insurance companies following a series of ransomware attacks against American and British retailers, according to Google, which urged this sector to be on "high alert."…
Crew ain't done hopping sectors, Unit 42 threat hunter warns interview Scattered Spider snared financial services organizations in its web before its recent spate of retail attacks in the UK and US, according to Palo Alto Networks' Unit 42.…
Plus, Co-op tells The Reg: 'we took early and decisive action' to block the crooks INTERVIEW The call came into the help desk at a large US retailer. An employee had been locked out of their corporate accounts. …