Ransomware, Threat Intelligence

Qilin, RansomHub ransomware added to Scattered Spider arsenal

Hacking collective Scattered Spider has updated its attack toolkit to include the Qilin and RansomHub ransomware payloads, which have been used in its intrusions since the second quarter, according to BleepingComputer.

After compromising Microsoft, AT&T, Twitter, and over 130 other organizations as part of the widespread 0ktapus campaign shortly after its emergence in early 2022, Scattered Spider — also known as UNC3944 and Octo Tempest — engaged in more extensive account takeover attacks until early last year before transitioning to full-fledged ransomware attacks as an affiliate of the BlackCat ransomware gang in the middle of 2023, reported Microsoft. More than 130 organizations have also been compromised by the Qilin ransomware gang since surfacing in August 2022, with the group ramping up intrusions since its development of a sophisticated VMware ESXi virtual machine-targeting Linux encryptor. UK pathology services provider Synnovis was one of the most recent victims of Qilin's debilitating attacks, which resulted in the massive disruption of medical services across London.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds