Security news aggregator

Latest coverage for Scattered Spider

Coverage of incidents attributed to Scattered Spider, with analysis of infrastructure, disruption efforts, and defensive guidance for organizations.

6 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Scattered Spider is a label used in public reporting for a loosely defined, financially motivated intrusion set. Attribution is not always consistent, and the name may encompass related operators rather than a single centralized organization. Reported activity has involved social engineering of help-desk staff, theft or takeover of credentials and MFA-recovery methods, and access to cloud, identity, or virtual-administration environments. These techniques can turn weaknesses in account-recovery procedures into privileged access without exploiting a software vulnerability.

The principal defensive concern is compromise of the identity-management plane. Organizations should require robust, independently verified help-desk identity checks; prefer phishing-resistant MFA for privileged and remote access; restrict and alert on MFA, password, SIM, and recovery-setting changes; and monitor identity-provider, VPN, cloud, and administrative logs for unusual authentication or privilege changes. Threat intelligence is most useful when it supports behavior-based detection rather than reliance on a fixed list of indicators. If suspected, preserve authentication and support-ticket records quickly and investigate linked accounts, sessions, tokens, and administrator actions.

Showing 6 most recent headlines Filtered view
Krebs on Security 9 months, 3 weeks ago

Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms

U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and an alleged co-conspirator appeared in a London court to face accusations of hacking into and extorting several large U.K. retailers, the London transit system, and healthcare providers in the United States.

Bank Info Security 9 months, 3 weeks ago

Teenage Scattered Spider Suspect Arrested in Las Vegas

Juvenile Male Tied to Hack Attacks Against MGM Resorts and Caesars EntertainmentThe net continues to close on suspected members of the notorious ransomware-wielding group called Scattered Spider, with Las Vegas police announcing the arrest of a teenage, juvenile male suspect tied to 2023 attacks that hit MGM Resorts and Caesars Entertainment.