CyberSecurityBoard
Sponsor Register Login

Scattered Spider Attacking Tech Companies Using Phishing Frameworks Like Evilginx and Social Engineering Methods

Fluent English-speaking callers, often working “evening shifts” that coincide with Western office hours, posed as CFOs or IT staff to persuade help-desk agents to reset multi-factor authentication (MFA) tokens, providing Evilginx with the final session cookie needed for lateral movement. Scattered Spider burst onto the cybersecurity stage in early 2022 as little more than a SIM-swapping crew, but by mid-2025 it had pivoted into a full-scale, financially motivated threat group leveraging advanced phishing toolkits to breach some of the world’s most technology-dependent firms. Once the session cookie is harvested, Scattered Spider scripts an API call to Okta’s /api/v1/sessions/me endpoint to confirm validity before pivoting into VPN or SaaS consoles. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. During the past year, investigators have connected Scattered Spider to a string of coordinated intrusions against managed service providers (MSPs) and IT contractors, capitalizing on their “one-to-many” access to customer networks. May 2025 marked a turning point, as the breaches at UK household names such as Marks & Spencer and Co-op—traced to compromised credentials at Tata Consultancy Services—revealed the depth of Scattered Spider’s social-engineering playbook. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. ReliaQuest analysts identified that 81 percent of the gang’s registered domains impersonated technology vendors, a tactic designed to lure system administrators and executives into Evilginx-powered credential traps. The result has been a wave of follow-on ransomware, double-extortion schemes, and data-theft incidents that forced retailers and SaaS providers on both sides of the Atlantic to reset thousands of privileged accounts. Unlike classic phishing sites that merely collect usernames and passwords, Evilginx operates as a transparent reverse proxy that intercepts every HTTP transaction between victim and legitimate identity provider. Tushar is a Cyber security content editor with a passion for creating captivating and informative content.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 30 Jun 2025 10:05:09 +0000


Cyber News related to Scattered Spider Attacking Tech Companies Using Phishing Frameworks Like Evilginx and Social Engineering Methods

Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack - The group behind the high-profile MGM cyberattack in September has resurfaced in yet another sophisticated ransomware attack, in which the actor pivoted from a third-party service environment to the target organization's on-premise network in only an ...
1 year ago Darkreading.com Scattered Spider
Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack - The group behind the high-profile MGM cyberattack in September has resurfaced in yet another sophisticated ransomware attack, in which the actor pivoted from a third-party service environment to the target organization's on-premise network in only an ...
1 year ago Darkreading.com Scattered Spider
Scattered Spider Attacking Tech Companies Using Phishing Frameworks Like Evilginx and Social Engineering Methods - Fluent English-speaking callers, often working “evening shifts” that coincide with Western office hours, posed as CFOs or IT staff to persuade help-desk agents to reset multi-factor authentication (MFA) tokens, providing Evilginx with the final ...
5 hours ago Cybersecuritynews.com Scattered Spider
Social Engineering Attacks: Tactics and Prevention - Social engineering attacks have become a significant concern in today's digital landscape, posing serious risks to the security and sensitive information of individuals and organizations. By comprehending these tactics and implementing preventive ...
1 year ago Securityzap.com
Social Engineering: The Art of Human Hacking - Social engineering exploits this vulnerability by manipulating human psychology and emotions to gain unauthorized access to systems and data. Rather than directly breaking cyber defenses, social engineering tactics exploit human vulnerabilities - ...
1 year ago Offsec.com
Scattered Spider hackers shift focus to aviation, transportation firms - Scattered Spider, also known as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest, and Muddled Libra, is a classification of threat actors that are adept at using social engineering attacks, phishing, ...
2 days ago Bleepingcomputer.com Qilin Dragonforce Ransomhub Scattered Spider
Hackers behind UK retail attacks now targeting US companies - Scattered Spider (also tracked as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra) is a term used to describe a fluid collective of threat actors known for breaching many high-profile organizations worldwide in sophisticated ...
1 month ago Bleepingcomputer.com Scattered Spider Dragonforce
Scattered Spider Employs Sophisticated Attacks to Steal Login Credentials & MFA Tokens - To counter this threat, Silent Push has developed Indicators of Future Attack (IOFA) feeds that track Scattered Spider infrastructure, including recently observed domains like “klv1.it.com” targeting Klaviyo and multiple others ...
2 months ago Cybersecuritynews.com Scattered Spider
Scattered Spider Malware Targeting Klaviyo, HubSpot, and Pure Storage Services - Security teams should be particularly vigilant for suspicious authentication attempts, unknown devices connecting to corporate networks, and unusual account activity patterns that might indicate successful credential theft through Scattered ...
1 month ago Cybersecuritynews.com Scattered Spider
As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs - Scattered Spider hackers have been tearing through the finance and insurance sectors, all while authorities are preparing legal actions to stop them. A game of cops and robbers is playing out between the FBI and Scattered Spider, the cybercrime ...
1 year ago Darkreading.com Scattered Spider
Scattered Spider Hackers Actively Attacking Aviation and Transportation Firms - Charles Carmakal, Chief Technology Officer at Mandiant Consulting-Google Cloud, confirmed that his company is “aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered ...
2 days ago Cybersecuritynews.com Scattered Spider
Scattered Spider Attacking Finance & Insurance Industries - Hackers very frequently target the finance and insurance sectors due to the large volumes of sensitive data that they own. These areas manage huge quantities of valuable as well as critical financial information, personal identities, and intellectual ...
1 year ago Gbhackers.com Scattered Spider
Hacker Conversations: Stephanie 'Snow' Carruthers, Chief People Hacker at IBM X-Force Red - Social engineering is effectively hacking human thought processes. Social engineering is a major factor in the overall process but is not directly part of repurposing electronic systems. A social engineer is usually classified as a hacker, and is ...
1 year ago Securityweek.com
Marks & Spencer breach linked to Scattered Spider ransomware attack - Scattered Spider, also known as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest, and Muddled Libra, is a group of threat actors that are adept at using social engineering attacks, phishing, ...
2 months ago Bleepingcomputer.com Scattered Spider
Social Engineering Awareness: How CISOs And SOC Heads Can Protect The Organization - By combining advanced technical controls with continuous training and a culture of security awareness, CISOs and SOC leaders can significantly reduce the risk of successful attacks. As technical defenses evolve and strengthen, attackers have shifted ...
2 months ago Cybersecuritynews.com
Scattered Spider member pleads guilty to identity theft, wire fraud charges | The Record from Recorded Future News - Urban, who goes by the alias "Sosa," “Elijah,” and “King Bob” was "part of a group of loosely organized individuals who engage in account takeovers and [stole] cryptocurrency from online exchanges" from August 2022 through ...
2 months ago Therecord.media Scattered Spider
Combatting Social Engineering - One popular cyber-attack method known as social engineering leverages human psychology to gather information and perform attacks instead. Social engineering is the psychological manipulation of people into performing actions or divulging confidential ...
1 year ago Cyberdefensemagazine.com
Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
1 year ago Techrepublic.com
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
2 years ago Trendmicro.com
AI-Powered Phishing Detection - Does It Actually Work? - Unlike traditional methods that rely on identifying known threats, AI-powered systems analyze patterns and behaviors to detect anomalies indicative of phishing attempts. The rise of artificial intelligence (AI) has brought new hope to combating these ...
2 months ago Cybersecuritynews.com
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
1 year ago Helpnetsecurity.com
AI and the Evolution of Social Media - A decade ago, social media was celebrated for sparking democratic uprisings in the Arab world and beyond. In a 2022 survey, Americans blamed social media for the coarsening of our political discourse, the spread of misinformation, and the increase in ...
1 year ago Securityboulevard.com
Spotting Phishing Attacks with Image Verification Techniques - Phishing refers to the tactic used by scammers who impersonate reputable brands and lure victims to click on suspicious links so that they can breach the privacy and sensitive data of individuals. You can call image-based phishing a relatively ...
2 months ago Cybersecuritynews.com
Social Justice: a global perspective - Today, we commemorate World Day of Social Justice and honor those across the globe who stand for the equitable access to opportunities within societies where individuals' rights are recognized and protected. I have the distinct honor of leading the ...
1 year ago Feedpress.me
Clorox says cyberattack caused $49 million in expenses - Clorox has confirmed that a September 2023 cyberattack has so far cost the company $49 million in expenses related to the response to the incident. Clorox is an American manufacturer of consumer and professional cleaning products with 8,700 employees ...
1 year ago Bleepingcomputer.com Scattered Spider

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)