FBI warns Scattered Spider targeting Salesforce customers with BazarLoader malware

The FBI has issued a warning about the Scattered Spider threat group targeting Salesforce customers using BazarLoader malware. This campaign involves sophisticated phishing attacks aimed at compromising Salesforce accounts to gain access to sensitive corporate data. Scattered Spider, known for its advanced tactics, leverages social engineering and malware delivery to infiltrate networks. The FBI's alert highlights the importance of vigilance among Salesforce users and recommends enhanced security measures such as multi-factor authentication and regular monitoring for suspicious activities. Organizations are urged to educate employees on recognizing phishing attempts and to implement robust cybersecurity protocols to mitigate the risk posed by this threat actor. This incident underscores the growing trend of cybercriminals exploiting popular cloud platforms to conduct targeted attacks, emphasizing the need for continuous threat intelligence and proactive defense strategies in the cybersecurity landscape.

This Cyber News was published on therecord.media. Publication date: Mon, 15 Sep 2025 18:35:20 +0000

Cyber News related to FBI warns Scattered Spider targeting Salesforce customers with BazarLoader malware

Scattered Spider is running a VMware ESXi hacking spree - This allows Scattered Spider to scan the network devices for IT documentation that would provide high-value targets, like the names of domain or VMware vSphere administrators, and security groups that can provide administrative permissions over the ...
2 months ago Bleepingcomputer.com Scattered Spider

Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack - The group behind the high-profile MGM cyberattack in September has resurfaced in yet another sophisticated ransomware attack, in which the actor pivoted from a third-party service environment to the target organization's on-premise network in only an ...
1 year ago Darkreading.com Scattered Spider

FBI warns Scattered Spider targeting Salesforce customers with BazarLoader malware - The FBI has issued a warning about the Scattered Spider threat group targeting Salesforce customers using BazarLoader malware. This campaign involves sophisticated phishing attacks aimed at compromising Salesforce accounts to gain access to sensitive ...
3 weeks ago Therecord.media Scattered Spider

As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs - Scattered Spider hackers have been tearing through the finance and insurance sectors, all while authorities are preparing legal actions to stop them. A game of cops and robbers is playing out between the FBI and Scattered Spider, the cybercrime ...
1 year ago Darkreading.com Scattered Spider

Scattered Spider hackers shift focus to aviation, transportation firms - Scattered Spider, also known as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest, and Muddled Libra, is a classification of threat actors that are adept at using social engineering attacks, phishing, ...
3 months ago Bleepingcomputer.com Qilin Dragonforce Ransomhub Scattered Spider

ShinyHunters behind Salesforce data theft attacks at Qantas, Allianz Life, and LVMH - A wave of data breaches impacting companies like Qantas, Allianz Life, LVMH, and Adidas has been linked to the ShinyHunters extortion group, which has been using voice phishing attacks to steal data from Salesforce CRM instances. These breaches have ...
2 months ago Bleepingcomputer.com Hunters Scattered Spider

Hackers behind UK retail attacks now targeting US companies - Scattered Spider (also tracked as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra) is a term used to describe a fluid collective of threat actors known for breaching many high-profile organizations worldwide in sophisticated ...
4 months ago Bleepingcomputer.com Scattered Spider Dragonforce

Scattered Spider Employs Sophisticated Attacks to Steal Login Credentials & MFA Tokens - To counter this threat, Silent Push has developed Indicators of Future Attack (IOFA) feeds that track Scattered Spider infrastructure, including recently observed domains like “klv1.it.com” targeting Klaviyo and multiple others ...
5 months ago Cybersecuritynews.com Scattered Spider

Researchers Expose Scattered Spider's Tools, Techniques and Key Indicators - Scattered Spider, a sophisticated cyber threat group known for aggressive social engineering and targeted phishing, is broadening its scope, notably targeting aviation alongside enterprise environments. During a targeted investigation, Check Point ...
3 months ago Cybersecuritynews.com Scattered Spider

Scattered Spider Hackers Actively Attacking Aviation and Transportation Firms - Charles Carmakal, Chief Technology Officer at Mandiant Consulting-Google Cloud, confirmed that his company is “aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered ...
3 months ago Cybersecuritynews.com Scattered Spider

Scattered Spider is targeting victims' Snowflake data storage for quick exfiltration | The Record from Recorded Future News - The Scattered Spider cybercriminal group is targeting victims’ data storage tools after gaining initial access by impersonating contracted information technology (IT) help desks. In “many” incidents, Scattered Spider was seen searching for an ...
2 months ago Therecord.media Dragonforce Scattered Spider

CISA and FBI Shared Tactics, Techniques, and Procedures of Scattered Spider Hacker Group - CISA analysts identified that Scattered Spider has recently expanded its arsenal to include DragonForce ransomware alongside traditional data exfiltration techniques, marking a significant escalation in the group’s threat profile. Scattered ...
2 months ago Cybersecuritynews.com Scattered Spider Dragonforce

Global Authorities Share IoCs and TTPs of Scattered Spider Behind Major ESXi Ransomware Attacks - The joint advisory, released by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Royal Canadian Mounted Police (RCMP), Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), ...
2 months ago Cybersecuritynews.com Scattered Spider Dragonforce

Scattered Spider Malware Targeting Klaviyo, HubSpot, and Pure Storage Services - Security teams should be particularly vigilant for suspicious authentication attempts, unknown devices connecting to corporate networks, and unusual account activity patterns that might indicate successful credential theft through Scattered ...
5 months ago Cybersecuritynews.com Scattered Spider

Scattered Spider member pleads guilty to identity theft, wire fraud charges | The Record from Recorded Future News - Urban, who goes by the alias "Sosa," “Elijah,” and “King Bob” was "part of a group of loosely organized individuals who engage in account takeovers and [stole] cryptocurrency from online exchanges" from August 2022 through ...
6 months ago Therecord.media Scattered Spider

Inside the strategy of Salesforce's new Chief Trust Officer - In this Help Net Security interview, Arkin discusses a collaborative approach to building trust among customers, employees, and stakeholders, focusing on transparency, shared responsibility, and empowering others to integrate trusted and responsible ...
1 year ago Helpnetsecurity.com

Scattered Spider Attacking Finance & Insurance Industries - Hackers very frequently target the finance and insurance sectors due to the large volumes of sensitive data that they own. These areas manage huge quantities of valuable as well as critical financial information, personal identities, and intellectual ...
1 year ago Gbhackers.com Scattered Spider

US Congress Report Calls for Privacy Reforms After FBI Surveillance 'Abuses' - The FBI and the Biden administration at large have lobbied Congress to reauthorize the 702 program as is, ignoring calls for reform that have grown louder since the beginning of the year, manifesting this month in the form of a comprehensive privacy ...
1 year ago Wired.com

Salesforce Lays-Off 700 Staff - American CRM giant Salesforce is reportedly reducing its workforce again, on top of a sizeable reduction back in 2023. The Wall Street Journal reported that Salesforce is laying off 700 workers, or 1 percent of its workforce, in the latest round of ...
1 year ago Silicon.co.uk

Scattered Spider Upgraded Their Tactics to Abuse Legitimate Tools to Evade Detection and Maintain Persistence - Rapid7 analysts identified a novel persistence mechanism during recent incident investigations, revealing the group’s adoption of Teleport, an infrastructure access platform not previously associated with Scattered Spider operations. The ...
3 months ago Cybersecuritynews.com Scattered Spider

Feds Tie Scattered Spider Duo to $115M in Ransoms - The U.S. federal authorities have linked a cybercriminal duo known as Scattered Spider to ransom payments totaling $115 million. This revelation underscores the significant impact of ransomware attacks on businesses and the growing sophistication of ...
2 weeks ago Krebsonsecurity.com Scattered Spider

Marks & Spencer breach linked to Scattered Spider ransomware attack - Scattered Spider, also known as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest, and Muddled Libra, is a group of threat actors that are adept at using social engineering attacks, phishing, ...
5 months ago Bleepingcomputer.com Scattered Spider

Update Your Defenses Against Scattered Spider Ransomware Group - The Scattered Spider ransomware group has been increasingly active, targeting organizations with sophisticated ransomware attacks. This group is known for its advanced tactics, techniques, and procedures (TTPs) that enable it to infiltrate networks, ...
2 weeks ago Infosecurity-magazine.com Scattered Spider

FBI Warns of Threat Actors Targeting Salesforce Customers - The FBI has issued a warning about threat actors targeting Salesforce customers through sophisticated cyberattacks. These threat actors exploit vulnerabilities and use social engineering tactics to gain unauthorized access to Salesforce environments, ...
3 weeks ago Darkreading.com