Joint Cybersecurity Advisory: Scattered Spider


Scattered Spider (also known as UNC3944, Scatter Swine, Oktapus, Octo Tempest, Storm-0875, and Muddled Libra) engages in data extortion and several other criminal activities.

Scattered Spider threat actors use multiple social engineering techniques—including push bombing—and subscriber identity module (SIM) swap attacks, to obtain credentials, install remote access tools, and/or bypass multi-factor authentication (MFA). According to public reporting, Scattered Spider threat actors have:

  • Posed as company IT and/or helpdesk staff using phone calls or SMS messages to obtain credentials from employees and gain access to the network.

Source: U.S. Federal Bureau of Investigation Cyber Division



