Our research on the Scattered Spider APT group has been picked up by Detection Engineering – a major CTI blog dedicated to detecting and counteracting cyber threats.
Scattered Spider are a financially motivated threat group who have been active since the second quarter of 2022.
The group is known for launching sophisticated social engineering attacks designed to obtain login credentials and MFA tokens from employees.
Scattered Spider have been responsible for hundreds of incidents in the past year, two of which generated a large amount of media interest and caused significant financial and reputational harm to the organizations involved: the Twilio/Okta breach of August 2022 and the MGM breach of September 2023.
Attacks commonly commence with sustained SMS phishing messages sent to the mobile phones of both current and former employees of the targeted organization.
Over the past 90 days, Threat Analysts working with Silent Push first-party data have observed an increase in the number of domains created by Scattered Spider targeting organizations in the financial, insurance, investment, food ordering and delivery, retail and entertainment sectors.
Scattered Spider’s deployment methods feature identifiable patterns and commonalities that allow Silent Push users to discover associated infrastructure and enumerate the threat actor’s online presence, using an array of lookups that can be tailored to a unique set of requirements.
Read our blog for a full investigation, including mitigation – https://www.silentpush.com/blog/scattered-spider/