Hackers associated with the Scattered Spider group have resurfaced to target fresh victims, refuting claims of retirement.
Scattered Spider, an infamous threat actor known for targeting the banking sector and major companies, has reportedly resumed its activities, this time focusing on US critical infrastructure. According to a new report by ReliaQuest, the group has been linked to multiple lookalike domains associated with the fintech vertical and a victim - a US banking organization.
The recent activities of Scattered Spider include compromising VMware ESXi infrastructure to dump credentials and move further into victim networks. To obtain that initial access, the attackers have been using Okta-themed phishing pages to steal login credentials and bypass security controls such as multi-factor authentication.
The attacks by Scattered Spider involve social engineering, specifically vishing (voice phishing), where the attackers impersonate IT staff over the phone to convince employees to authorize access to malicious 'connected apps'. These malicious apps, disguised as benign software like Salesforce, allow the miscreants to exfiltrate sensitive business data.
The group is allegedly behind the breaches at multiple companies, including Jaguar Land Rover, Marks & Spencer, The Co-op, Harrods, and is also linked to the large Salesforce / Salesdrift data leak, which affected over 700 companies. If the claims about Scattered Spider's involvement in the Salesforce leak are authentic, it would be one of the biggest breaches in recent history.
The U.S. Department of Justice has taken action against members of the hacker group, indicating growing concern about their activities. The FBI, and possibly the NSA, may turn their attention to the Salesforce leak if the claims are proven true.
Scattered Spider had previously announced it was 'going dark', leading to speculation about a potential rebranding or fear of a law enforcement response. The group's resurgence, however, underscores the need for continued vigilance against such threats.
As businesses and critical infrastructure continue to rely heavily on digital platforms, the threat posed by groups like Scattered Spider cannot be overstated. It is crucial for organisations to strengthen their security measures and remain vigilant against such threats to protect their sensitive data and maintain business continuity.