Scattered Spider, also known as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest, and Muddled Libra, is a classification of threat actors who are adept at using social engineering attacks, phishing, multi-factor authentication (MFA) bombing (targeted MFA fatigue), and SIM swapping to gain initial network access at large organizations. While Scattered Spider is commonly referred to as a cohesive gang, the name is actually used to denote threat actors who utilize specific tactics when conducting attacks. Because the tactics associated with Scattered Spider are also commonly used by different individuals from a loose network of threat actors, tracking them is difficult.

Unlike many other English-speaking threat actors, those associated with "Scattered Spider" have been known to partner with Russian-speaking ransomware gangs, such as BlackCat, RansomHub, Qilin, and DragonForce. While other threat actors conduct identity attacks, Scattered Spider has become associated with this tactic due to its regular targeting of help desks and password and MFA infrastructure.

These threat actors have employed a sector-by-sector approach, initially targeting retail companies, such as M&S and Co-op, in the United Kingdom and the United States and subsequently shifting their focus to insurance companies. However, Palo Alto Networks' Sam Rubin, SVP of Consulting and Threat Intelligence, has now confirmed on LinkedIn that Scattered Spider has begun targeting the aviation industry. Other attacks linked to Scattered Spider include those on MGM, Marks & Spencer, Co-op, Twilio, Coinbase, DoorDash, Caesars, MailChimp, Riot Games, and Reddit.

Both Google Threat Intelligence Group (GTIG) and Palo Alto Networks have released guides on hardening defenses against the known "Scattered Spider" tactics used by these threat actors.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 27 Jun 2025 18:25:20 +0000