Joint Cybersecurity Advisory: Scattered Spider


Scattered Spider (also known as UNC3944, Scatter Swine, Oktapus, Octo Tempest, Storm-0875, and Muddled Libra) engages in data extortion and several other criminal activities.

Scattered Spider threat actors use multiple social engineering techniques—including push bombing—and subscriber identity module (SIM) swap attacks, to obtain credentials, install remote access tools, and/or bypass multi-factor authentication (MFA). According to public reporting, Scattered Spider threat actors have:

  • Posed as company IT and/or helpdesk staff using phone calls or SMS messages to obtain credentials from employees and gain access to the network.

Source: U.S. Federal Bureau of Investigation Cyber Division

