Security News > 2023 > September > Scattered Spider traps 100+ victims in its web as it moves into ransomware

Scattered Spider traps 100+ victims in its web as it moves into ransomware
2023-09-15 21:25

Scattered Spider, the crew behind at least one of the recent Las Vegas casino IT security breaches, has already hit some 100 organizations during its so-far brief tenure in the cybercrime scene, according to Mandiant.

The Google-owned threat intel firm tracks Scattered Spider as UNC3944.

In one of the group's first major phishing campaigns in 2022, dubbed Oktapus, the criminals initially went after employees of Okta customers, targeting as many as 135 orgs - IT, software development and cloud services providers based in the US. First, Scattered Spider sent text messages to the employees with malicious links to sites spoofing their company's authentication page.

Beginning in the third quarter of 2022, Mandiant said Scattered Spider began using a new kit that it built using scraped copies of targeted companies' authentication page.

Scattered Spider has also used infostealers such as Ultraknot and other data miners including Vidar and Atomoic to steal credentials, we're told.

Scattered Spider reportedly used this tactic in the recent MGM Resorts intrusion.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/09/15/scattered_spider_snares_100_victims/