Two persistent threat groups affiliated with The Com, known as Cordial Spider and Snarky Spider, are actively targeting organizations across multiple critical infrastructure sectors for rapid data theft and extortion attacks, CyberScoop reports.

These financially motivated attackers, closely aligned with Scattered Spider, use voice-phishing and social engineering to breach victims' identity platforms and traverse SaaS environments, according to a report by CrowdStrike. They primarily target U.S. organizations in academic, aviation, retail, hospitality, automotive, financial services, legal, and technology sectors. The attackers gain initial access by tricking employees into visiting phishing pages that mimic legitimate single sign-on or identity provider pages, capturing credentials, session keys, or tokens. Once inside, they disable multi-factor authentication and delete alerts to cover their tracks.

While tactics, techniques, and procedures vary between the subgroups, their objective is data theft for extortion, with demands often in the seven-figure range. Some victims have also faced DDoS attacks or swatting incidents. Both groups utilize residential proxy networks to evade detection, blending in with normal network traffic.

Source: CyberScoop
Security Operations, Phishing, Identity, Critical Infrastructure Security, Threat Intelligence

2 threat groups linked to The Com target critical infrastructure with data theft




