Security News > 2024 > July > Cyber-crime super-crew Scattered Spider falls in love with RansomHub and Qilin

The Scattered Spider cybercrime group is now using RansomHub and Qilin ransomware variants in its attacks, illustrating a possible power shift among hacking groups.

Scattered Spider - which hit Las Vegas casinos last year among many other victims, and is tracked as Octo Tempest by Microsoft, or the gazillion other aliases it has depending on who's doing the talking - accounts for "a significant bulk of investigations."

Before the Feds crippled it in December, Scattered Spider used to rely on the ransomware payload of ALPHV/BlackCat - formerly the biggest dog in the ransomware kennel - so the adoption of RansomHub and Qilin by a group like Scattered Spider demonstrates how seriously the new guard is being taken.

RansomHub first emerged in February 2024 as a rebrand of the Knight ransomware crew and has claimed responsibility for high-profile attacks on the likes of Christie's, Frontier Communications, and US pharmacy chain Rite Aid since then.

Arctic Wolf fell short of it giving it "Ransomware group" status, as it's too new to determine what kind of organizational structure it has.

The criminal group has been spotted, in typical fashion for the hermit nation, trying to raise funds by defrauding Western economies through malware and ransomware payments in the region of $6.6 million a pop.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/16/scattered_spider_ransom/