Security News > 2023 > November > FBI shares tactics of notorious Scattered Spider hacker collective
Scattered Spider attacks were documented since last summer when researchers at cybersecurity company Group-IB publishing a report about a spree of attacks aiming to steal Okta identity credentials and 2FA codes, which had started March the same year.
The FBI and CISA alert highlights Scattered Spider's powerful initial access tactics that involve targeting a company's employees by posing as IT or help-desk staff and tricking them into providing credentials or even direct network access.
Individual tactics include phone calls, SMS phishing, email phishing, MFA fatigue attacks, and SIM swapping.
Apart from the above legitimate tools used for malicious purposes, Scattered Spider also conducts phishing attacks to install malware like the WarZone RAT, Raccoon Stealer, and Vidar Stealer, to steal from compromised systems login credentials, cookies, and other data useful in the attack.
The Scattered Spider actors affiliated with BlackCat are also known to use the ransomware gang's data leak site as part of their extortion attempts, where they leak data or issue statements about the attack, as it happened with their attack on Reddit.
The FBI and CISA recommend implementing specific mitigations to protect against threats imposed by Scattered Spider.