Following recent arrests of alleged Scattered Spider members in the UK, Google Cloud's Mandiant Consulting has reported a noticeable pause in the group's activities, offering a "critical window of opportunity" for organizations to bolster their defenses, reports The Hacker News. Charles Carmakal, CTO at Mandiant, urged companies not to become complacent, highlighting that other threat actors like UNC6040 are replicating Scattered Spider's social engineering tactics. The group had previously targeted North American sectors such as retail, airlines, and transportation, leveraging attacks on VMware ESXi hypervisors and deploying ransomware, including DragonForce. A joint advisory from US, Canadian, and Australian agencies outlined Scattered Spider's updated methods, ranging from SIM swapping and phishing to the use of commercial RATs like Warzone and Raccoon Stealer. These actors often impersonated employees or IT staff to bypass MFA and extract credentials. Additionally, they've exploited cloud storage platforms like Mega for data exfiltration and frequently targeted Snowflake environments to run mass queries and extract sensitive data rapidly.




