The Rise of SCATTERED SPIDER: A New eCrime Threat
Unveiling the Motives and Methods of a Prolific Cyber Adversary.
Since March 2022, the cybersecurity community has been tracking the activities of an eCrime group known as SCATTERED SPIDER. This group has demonstrated a broad and evolving attack portfolio, initially focusing on customer relationship management (CRM) and business-process outsourcing (BPO) firms, as well as telecommunications and technology companies. Their criminal activities have since expanded, leveraging ransomware and targeting Fortune 500 companies across a wide range of sectors including consumer goods, financial services, and retail.
The Evolution of SCATTERED SPIDER
SCATTERED SPIDER’s early campaigns were marked by cryptocurrency theft and SIM-swapping-as-a-Service. However, by April 2023, the group shifted its focus towards ransomware as its primary extortion method. This pivot has led to a significant broadening of their target scope, focusing on high-revenue private sector organizations.
Sophisticated Techniques and Broad Targets
The adversary utilizes advanced social-engineering tactics for initial network access, employing SMS and voice phishing to capture credentials to single sign-on (SSO) dashboards, Microsoft Office 365/Azure, VPNs, and edge devices. SCATTERED SPIDER is particularly adept at bypassing multifactor authentication (MFA) through various means, including SIM-swapping and MFA notification fatigue.
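A defender-side sketch of how MFA notification fatigue can be surfaced from authentication logs, added here as an illustration and not taken from the original article: it flags a burst of denied or timed-out push prompts for one user, and raises severity when an approval follows the burst. The log format, event names, threshold and window are assumptions, the sample events are constructed, and input is assumed to be in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, user, push result.
SAMPLE_EVENTS = """\
2024-03-01T02:10:05Z alice push_denied
2024-03-01T02:10:40Z alice push_timeout
2024-03-01T02:11:15Z alice push_denied
2024-03-01T02:12:02Z alice push_timeout
2024-03-01T02:12:50Z alice push_denied
2024-03-01T02:13:30Z alice push_approved
2024-03-01T09:00:00Z bob push_denied
2024-03-01T09:00:30Z bob push_approved
2024-03-01T11:00:00Z carol push_timeout
2024-03-01T11:01:00Z carol push_timeout
2024-03-01T11:02:00Z carol push_timeout
2024-03-01T11:03:00Z carol push_timeout
2024-03-01T11:04:00Z carol push_timeout
"""

FAILED = {"push_denied", "push_timeout"}  # assumed event names

def parse(line):
    ts, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result

def detect_push_fatigue(lines, window=timedelta(minutes=10), threshold=5):
    """Map user -> severity for bursts of >= threshold failed pushes in window.

    "high": an approval followed the burst (the user may have given in).
    "medium": the burst has not been approved so far.
    """
    recent = defaultdict(deque)  # user -> timestamps of recent failed pushes
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        ts, user, result = parse(line)
        q = recent[user]
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if result in FAILED:
            q.append(ts)
            if len(q) >= threshold:
                alerts.setdefault(user, "medium")
        elif result == "push_approved":
            if len(q) >= threshold:
                alerts[user] = "high"  # approval right after a prompt burst
            q.clear()
    return alerts
```

On the constructed sample, alice is flagged as high, carol as medium, and bob's single mistaken denial followed by an approval is not flagged.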
Identity Abuse at the Core
A key element of SCATTERED SPIDER’s strategy is targeting the accounts of IT and information security personnel to gain access to critical security tools and documentation. They also target C-suite executives and employees with access to financial resources, which increases the potential impact of their attacks.
Global Impact
As of March 2024, SCATTERED SPIDER remains active, with attacks spanning 21 industries and 14 countries, including Canada, Switzerland, Italy, the United States, Japan, and the United Kingdom. The group has developed and utilized a range of malware tools, including CS-PARALYZER, Alphv rsocx, TightVNC, and CobaltStrike, to facilitate their criminal activities.
The Urgent Need for Vigilance
The rise of SCATTERED SPIDER underscores the need for organizations worldwide to adopt robust cybersecurity measures. Businesses must remain vigilant, educating their staff on the latest social-engineering tactics and enhancing their security infrastructure to defend against these sophisticated eCrime actors.
For further insights into SCATTERED SPIDER and their impact on global cybersecurity, stay tuned to our blog.