CyberSecurityBoard
Sponsor Register Login

Scattered Spider Employs Sophisticated Attacks to Steal Login Credentials & MFA Tokens

To counter this threat, Silent Push has developed Indicators of Future Attack (IOFA) feeds that track Scattered Spider infrastructure, including recently observed domains like “klv1.it.com” targeting Klaviyo and multiple others impersonating corporate services. This domain, likely part of a previous brand protection effort by Twitter, changed hands multiple times – initially registered on Porkbun in June 2022, taken over by Twitter (working with brand protection vendor CSC) by August 2022, and then reacquired by Scattered Spider in October 2024 through NiceNIC, their current registrar of choice. Scattered Spider, a notorious hacker collective active since at least 2022, continues to launch increasingly sophisticated social engineering attacks aimed at stealing usernames, login credentials, and multifactor authentication (MFA) tokens. In early 2025, Silent Push researchers discovered Scattered Spider’s updated arsenal now includes a new version of Spectre RAT (Remote Access Trojan), a sophisticated malware that enables persistent access to compromised systems. Operating as part of a larger hacking collective known as “The Community” or “The Comm,” Scattered Spider has developed a reputation for conducting meticulous research on their targets before launching attacks. The group, also known as UNC3944, Star Fraud, Octo Tempest, Scatter Swine, or Muddled Libra, has been linked to several high-profile security breaches, including the Twilio incident in August 2022 and the MGM breach in September 2023. Silent Push researchers have successfully identified five distinct Scattered Spider phishing kits being used since at least 2023, with some showing several iterations and updates. Recent findings from Silent Push analysts reveal a significant development: Scattered Spider has acquired a domain (twitter-okta.com) previously owned by Twitter/X. The malware incorporates a sophisticated debug logging system that records errors with specific codes, such as “100 10010” for invalid beacon responses and “100 10002” for installation path issues.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 10 Apr 2025 08:10:13 +0000


Cyber News related to Scattered Spider Employs Sophisticated Attacks to Steal Login Credentials & MFA Tokens

Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack - The group behind the high-profile MGM cyberattack in September has resurfaced in yet another sophisticated ransomware attack, in which the actor pivoted from a third-party service environment to the target organization's on-premise network in only an ...
1 year ago Darkreading.com Scattered Spider
Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack - The group behind the high-profile MGM cyberattack in September has resurfaced in yet another sophisticated ransomware attack, in which the actor pivoted from a third-party service environment to the target organization's on-premise network in only an ...
1 year ago Darkreading.com Scattered Spider
Scattered Spider Employs Sophisticated Attacks to Steal Login Credentials & MFA Tokens - To counter this threat, Silent Push has developed Indicators of Future Attack (IOFA) feeds that track Scattered Spider infrastructure, including recently observed domains like “klv1.it.com” targeting Klaviyo and multiple others ...
2 months ago Cybersecuritynews.com Scattered Spider
Hackers behind UK retail attacks now targeting US companies - Scattered Spider (also tracked as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra) is a term used to describe a fluid collective of threat actors known for breaching many high-profile organizations worldwide in sophisticated ...
1 month ago Bleepingcomputer.com Scattered Spider Dragonforce
As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs - Scattered Spider hackers have been tearing through the finance and insurance sectors, all while authorities are preparing legal actions to stop them. A game of cops and robbers is playing out between the FBI and Scattered Spider, the cybercrime ...
1 year ago Darkreading.com Scattered Spider
Scattered Spider Malware Targeting Klaviyo, HubSpot, and Pure Storage Services - Security teams should be particularly vigilant for suspicious authentication attempts, unknown devices connecting to corporate networks, and unusual account activity patterns that might indicate successful credential theft through Scattered ...
1 month ago Cybersecuritynews.com Scattered Spider
What is adaptive multifactor authentication? - Adaptive multifactor authentication is a security mechanism intended to authenticate and authorize users through a variety of contextual authentication factors. Adaptive MFA essentially poses different sets of authentication requirements based on the ...
1 year ago Techtarget.com
MFA and supply chain security: It's no magic bullet - With attackers increasingly targeting developer accounts and using them to poison software builds, manipulate code, and access secrets and data, development teams are under pressure to lock down their development environments. Attackers are targeting ...
1 year ago Securityboulevard.com
Misconfigured MFA Increasingly Targeted by Cybercriminals - In the first quarter of 2024, nearly half of all security incidents our team responded to involved multi-factor authentication issues, according to the latest Cisco Talos report. A quarter of these incidents were caused by users accepting fraudulent ...
11 months ago Securityboulevard.com
Scattered Spider member pleads guilty to identity theft, wire fraud charges | The Record from Recorded Future News - Urban, who goes by the alias "Sosa," “Elijah,” and “King Bob” was "part of a group of loosely organized individuals who engage in account takeovers and [stole] cryptocurrency from online exchanges" from August 2022 through ...
2 months ago Therecord.media Scattered Spider
Marks & Spencer breach linked to Scattered Spider ransomware attack - Scattered Spider, also known as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest, and Muddled Libra, is a group of threat actors that are adept at using social engineering attacks, phishing, ...
1 month ago Bleepingcomputer.com Scattered Spider
Scattered Spider Attacking Finance & Insurance Industries - Hackers very frequently target the finance and insurance sectors due to the large volumes of sensitive data that they own. These areas manage huge quantities of valuable as well as critical financial information, personal identities, and intellectual ...
1 year ago Gbhackers.com Scattered Spider
MFA vs 2FA: Which Is Best for Your Business? - If a user falls for a phishing scam and their credentials are compromised, multi-factor authentication or two-factor authentication provide an additional safeguard against a breach. MFA uses authentication factors such as a pin, an SMS code, an ...
1 year ago Techrepublic.com
CVE-2021-36845 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions < 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. ...
3 years ago
Threat Actors Bypass MFA Using AiTM Attack via Reverse Proxies - Multi-factor authentication (MFA) has long been touted as a robust security measure against phishing attacks, but sophisticated threat actors have developed new techniques to circumvent these protections. Rather than simply creating fake landing ...
1 month ago Cybersecuritynews.com
Why Tokens Are Like Gold for Opportunistic Threat Actors - COMMENTARY. Authentication tokens aren't actual physical tokens, of course. Authentication tokens are an important part of cybersecurity. Which means that anyone with a token has a gold key to corporate systems - without requiring a multifactor ...
1 year ago Darkreading.com
Microsoft to start enforcing Azure multi-factor authentication in July - Starting in July, Microsoft will begin gradually enforcing multi-factor authentication for all users signing into Azure to administer resources. After first completing the rollout for the Azure portal, the MFA enforcement will see a similar rollout ...
1 year ago Bleepingcomputer.com Black Basta
Twisted Spider's Dangerous CACTUS Ransomware Attack - In a sophisticated cyber campaign, the group Twisted Spider, also recognized as Storm-0216, has joined forces with the cybercriminal faction Storm-1044. Employing a strategic method, they target specific endpoints through the deployment of an initial ...
1 year ago Cysecurity.news Cactus
Hackers Using Advanced MFA-Bypassing Techniques To Gain Access To User Account - This code snippet shows how attackers can intercept an authentication response and modify critical status flags to falsely indicate MFA verification has been successfully completed. These advanced techniques, which exploit vulnerabilities in ...
3 months ago Cybersecuritynews.com
Clorox says cyberattack caused $49 million in expenses - Clorox has confirmed that a September 2023 cyberattack has so far cost the company $49 million in expenses related to the response to the incident. Clorox is an American manufacturer of consumer and professional cleaning products with 8,700 employees ...
1 year ago Bleepingcomputer.com Scattered Spider
Don't phish for deals this holiday season - This season is also a prime opportunity for attackers seeking to capitalize on unsuspecting individuals, employing identity-based cyberattacks such as phishing to compromise users' credentials and take control of their accounts. While education on ...
1 year ago Securityboulevard.com
Badge Makes Device-Independent Authentication Platform Available - Badge Inc. today announced that a namesake platform that enables end users to securely be authenticated on-demand using any device is now generally available. The company has allied with Okta to provide integration with an identity access management ...
1 year ago Securityboulevard.com
Defusing the threat of compromised credentials - In the end, some employees who were targeted approved the MFA requests and the attackers gained access to these accounts. Most phishing attacks employ similar social engineering techniques to trick users into turning over their credentials. Attackers ...
1 year ago Feedpress.me
3 main tactics attackers use to bypass MFA - Notable security breaches have bypassed MFA to compromise taxi broker Uber, games company EA, and authentication business Okta, according to SE Labs. SE Labs advised CISOs to step-up their efforts against attacks on systems protected by MFA in ...
1 year ago Helpnetsecurity.com
‘SessionShark' - New Toolkit That Evades Microsoft Office 365 MFA - The toolkit implements specialized “human verification techniques” to filter out automated security scanners and research bots, ensuring the phishing content remains hidden from security systems. A sophisticated new phishing toolkit named ...
1 month ago Cybersecuritynews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)