Scattered Spider (also known as, UNC3944, Scatter Swine, Oktapus, Octo Tempest, Storm-0875, and Muddled Libra) engages in data extortion and several other criminal activities.
Scattered Spider threat actors use multiple social engineering techniques—including push bombing—and subscriber identity module (SIM) swap attacks, to obtain credentials, install remote access tools, and/or bypass multi-factor authentication (MFA). According to public reporting, Scattered Spider threat actors have:
- Posed as company IT and/or helpdesk staff using phone calls or SMS messages to obtain credentials from employees and gain access to the network.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- U.S. State Department offers up to $11 Million reward for Information about ransomware administrator charged with cybercrimes for deploying “Lockergoga,” “Nefilim,” and “Megacortex”
September 9, 2025
BROOKLYN, NY – Earlier today, a superseding indictment was unsealed charging Volodymyr Tymoshchuk, also known as “deadforz,” “Boba,” “msfv,” and “farnetwork,” a Ukrainian national, for his role in international ransomware schemes. Tymoshchuk is not in U.S. custody. Joseph Nocella, Jr., United States Attorney for the Eastern District of New York; Matthew R. Galeotti, Acting Assistant Attorney ...
- Columbia University data breach hits 870,000 people
September 6, 2025
Columbia University recently confirmed a major cyberattack that compromised personal, financial, and health-related information tied to students, applicants, and employees. The victims include current and former students, employees, and applicants. Notifications to affected individuals began on August 7 and are continuing on a rolling basis. Columbia, one of the oldest Ivy League universities, discovered the breach ...
- ICE reactivates contract with spyware maker Paragon
September 2, 2025
U.S. Immigration and Customs Enforcement (ICE) signed a contract last year with Israeli spyware maker Paragon worth $2 million . Shortly after, the Biden administration put the contract under review, issuing a “stop work order,” to determine whether the contract complied with an executive order on commercial spyware, which restricts U.S. government agencies from using spyware ...
- Nevada hit by cyber attack disrupting state services for thousands
August 27, 2025
A cyber attack targeting Nevada’s state technology systems has left thousands of residents without access to vital services for days, with many offices still struggling to restore full operations. The attack, which began early Sunday morning, forced the closure of numerous state agencies, including the DMV, State Police, and Attorney General’s offices on Monday and Tuesday. ...
- FBI raids former national security adviser John Bolton’s home in high-profile national security probe
August 22, 2025
FBI agents raided the DC-area home of President Trump’s former national security adviser John Bolton on Friday morning in a high-profile national security probe, The Post can exclusively reveal. Federal agents went to Bolton’s house in Bethesda, Md., from 7 a.m. in an investigation ordered by FBI Director Kash Patel, a Trump administration official told The ...
- Ransomware attack at DaVita impacted 2.7 million people, US health dept website shows
August 21, 2025
A ransomware attack that encrypted certain elements of dialysis firm DaVita’s network impacted 2.7 million people, the U.S. health department’s website showed on Thursday. The firm had disclosed in April that it was hit by a cyberattack. At the time, it said it would continue to provide patient care as it took measures to restore certain ...