Report sheds more light on Scattered Spider tactics

Infosecurity Magazine reports that increasingly sophisticated attack techniques have been adopted by the Scattered Spider hacking collective since initially emerging as a SIM swapping operation three years ago.

Aside from spoofing technology vendors in 81% of its domains and using Tata Consultancy Services credentials to infiltrate UK retailers Marks & Spencer, Harrods, and The Co-op, Scattered Spider has also exploited the Evilginx phishing framework in its social engineering efforts, with 60% of the group's Evilginx domains aimed at tech vendors and organizations, a report from ReliaQuest revealed. Scattered Spider has also formed partnerships with various ransomware-as-a-service operations, including ALPHV/BlackCat and RansomHub. The group's latest attacks against UK retailers were noted by River Island Information Security Officer Sunil Patel to have involved a partnership with the DragonForce operation. "Through strategic alliances with major ransomware operators, [the group] gains access to infrastructure, ransomware deployment tools, and platforms for ransom negotiations," said ReliaQuest.