Scattered Spider (also known as UNC3944, Scatter Swine, Oktapus, Octo Tempest, Storm-0875, and Muddled Libra) engages in data extortion and several other criminal activities.
Scattered Spider threat actors use multiple social engineering techniques—including push bombing—and subscriber identity module (SIM) swap attacks, to obtain credentials, install remote access tools, and/or bypass multi-factor authentication (MFA). According to public reporting, Scattered Spider threat actors have:
- Posed as company IT and/or helpdesk staff using phone calls or SMS messages to obtain credentials from employees and gain access to the network.
Source: U.S. Federal Bureau of Investigation Cyber Division
