CyberSecurityBoard
Sponsor Register Login

Scattered Spider is targeting victims' Snowflake data storage for quick exfiltration | The Record from Recorded Future News

The Scattered Spider cybercriminal group is targeting victims’ data storage tools after gaining initial access by impersonating contracted information technology (IT) help desks. In “many” incidents, Scattered Spider was seen searching for an organization's Snowflake access in order to steal large volumes of data, the advisory said. Government agencies in the U.S., U.K., Canada and Australia updated an advisory initially released in November 2023 about the group — which has recently caused alarm with back-to-back campaigns targeting large companies in the retail, insurance and airline industries. The FBI and others said the group is now posing as employees of targeted companies to convince IT teams or help desk staff to provide login information, passwords or other access through devices. Hackers connected to Scattered Spider are now using remote access tools like AnyDesk to bypass security alerts and deploying malware to maintain access while conducting internal reconnaissance. The group has also been seen purchasing employee or contractor credentials on cybercriminal forums like Russia Market or compromising third party services that have access to the networks of potential targets. Scattered Spider — a large, loosely affiliated network of hackers — has continued to evolve its tactics over the years but continues to sporadically turn back to tried-and-true methods like phishing. “It is common for the threat actors to gather the personally identifiable information (PII) of users with elevated access to their network using online open-source information,” the agencies explained. “While Scattered Spider initially began their activity relying upon broad phishing campaigns, the threat actors are now employing more targeted and multilayered spearphishing and vishing operations. Using “layered social engineering techniques,” the hackers figure out what they need to convince IT help desks to give them access to an employee’s account. The data storage company serves many large organizations, but those clients are responsible for maintaining access credentials. The advisory notes that the DragonForce ransomware was used in several incidents, allowing the hackers to monetize their access, steal data and more. Year of law enforcement action against alleged members of the group have done little to stop it from continuing to wage successful campaigns against large companies.

This Cyber News was published on therecord.media. Publication date: Tue, 29 Jul 2025 18:25:28 +0000


Cyber News related to Scattered Spider is targeting victims' Snowflake data storage for quick exfiltration | The Record from Recorded Future News

Snowflake at centre of world's largest data breach - Cloud AI Data platform Snowflake are having a bad month. Ticketmaster owner Live Nation filed an 8-K with the SEC for potentially the largest data breach ever, claimed to be 560 million customers. Additionally incidents are running at multiple other ...
1 year ago Doublepulsar.com
Scattered Spider is targeting victims' Snowflake data storage for quick exfiltration | The Record from Recorded Future News - The Scattered Spider cybercriminal group is targeting victims’ data storage tools after gaining initial access by impersonating contracted information technology (IT) help desks. In “many” incidents, Scattered Spider was seen searching for an ...
3 weeks ago Therecord.media Dragonforce Scattered Spider
Three Ways to Chill Attacks on Snowflake - More than a month after a spate of data theft of Snowflake environments, the full scope of the incident has become more clear: at least 165 likely victims, more than 500 stolen credentials, and suspicious activity connected to known malware from ...
1 year ago Darkreading.com
Scattered Spider is running a VMware ESXi hacking spree - This allows Scattered Spider to scan the network devices for IT documentation that would provide high-value targets, like the names of domain or VMware vSphere administrators, and security groups that can provide administrative permissions over the ...
4 weeks ago Bleepingcomputer.com Scattered Spider
Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack - The group behind the high-profile MGM cyberattack in September has resurfaced in yet another sophisticated ransomware attack, in which the actor pivoted from a third-party service environment to the target organization's on-premise network in only an ...
1 year ago Darkreading.com Scattered Spider
Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack - The group behind the high-profile MGM cyberattack in September has resurfaced in yet another sophisticated ransomware attack, in which the actor pivoted from a third-party service environment to the target organization's on-premise network in only an ...
1 year ago Darkreading.com Scattered Spider
Scattered Spider hackers shift focus to aviation, transportation firms - Scattered Spider, also known as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest, and Muddled Libra, is a classification of threat actors that are adept at using social engineering attacks, phishing, ...
1 month ago Bleepingcomputer.com Qilin Dragonforce Ransomhub Scattered Spider
Hackers behind UK retail attacks now targeting US companies - Scattered Spider (also tracked as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra) is a term used to describe a fluid collective of threat actors known for breaching many high-profile organizations worldwide in sophisticated ...
3 months ago Bleepingcomputer.com Scattered Spider Dragonforce
Scattered Spider Malware Targeting Klaviyo, HubSpot, and Pure Storage Services - Security teams should be particularly vigilant for suspicious authentication attempts, unknown devices connecting to corporate networks, and unusual account activity patterns that might indicate successful credential theft through Scattered ...
3 months ago Cybersecuritynews.com Scattered Spider
As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs - Scattered Spider hackers have been tearing through the finance and insurance sectors, all while authorities are preparing legal actions to stop them. A game of cops and robbers is playing out between the FBI and Scattered Spider, the cybercrime ...
1 year ago Darkreading.com Scattered Spider
Scattered Spider Employs Sophisticated Attacks to Steal Login Credentials & MFA Tokens - To counter this threat, Silent Push has developed Indicators of Future Attack (IOFA) feeds that track Scattered Spider infrastructure, including recently observed domains like “klv1.it.com” targeting Klaviyo and multiple others ...
4 months ago Cybersecuritynews.com Scattered Spider
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
10 months ago Aws.amazon.com
Scattered Spider member pleads guilty to identity theft, wire fraud charges | The Record from Recorded Future News - Urban, who goes by the alias "Sosa," “Elijah,” and “King Bob” was "part of a group of loosely organized individuals who engage in account takeovers and [stole] cryptocurrency from online exchanges" from August 2022 through ...
4 months ago Therecord.media Scattered Spider
New York's cyber chief on keeping cities and states safe from cyberattacks | The Record from Recorded Future News - And so we think that that'll continue to evolve the security posture of New York State in a way that first and foremost provides the public good, which is, if a government service is not secure, it can't be considered reliable. We're ...
5 months ago Therecord.media
Researchers Expose Scattered Spider's Tools, Techniques and Key Indicators - Scattered Spider, a sophisticated cyber threat group known for aggressive social engineering and targeted phishing, is broadening its scope, notably targeting aviation alongside enterprise environments. During a targeted investigation, Check Point ...
1 month ago Cybersecuritynews.com Scattered Spider
ShinyHunters behind Salesforce data theft attacks at Qantas, Allianz Life, and LVMH - A wave of data breaches impacting companies like Qantas, Allianz Life, LVMH, and Adidas has been linked to the ShinyHunters extortion group, which has been using voice phishing attacks to steal data from Salesforce CRM instances. These breaches have ...
3 weeks ago Bleepingcomputer.com Hunters Scattered Spider
Global Authorities Share IoCs and TTPs of Scattered Spider Behind Major ESXi Ransomware Attacks - The joint advisory, released by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Royal Canadian Mounted Police (RCMP), Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), ...
3 weeks ago Cybersecuritynews.com Scattered Spider Dragonforce
CISA and FBI Shared Tactics, Techniques, and Procedures of Scattered Spider Hacker Group - CISA analysts identified that Scattered Spider has recently expanded its arsenal to include DragonForce ransomware alongside traditional data exfiltration techniques, marking a significant escalation in the group’s threat profile. Scattered ...
3 weeks ago Cybersecuritynews.com Scattered Spider Dragonforce
Scattered Spider Hackers Actively Attacking Aviation and Transportation Firms - Charles Carmakal, Chief Technology Officer at Mandiant Consulting-Google Cloud, confirmed that his company is “aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered ...
1 month ago Cybersecuritynews.com Scattered Spider
Scattered Spider Attacking Finance & Insurance Industries - Hackers very frequently target the finance and insurance sectors due to the large volumes of sensitive data that they own. These areas manage huge quantities of valuable as well as critical financial information, personal identities, and intellectual ...
1 year ago Gbhackers.com Scattered Spider
Scattered Spider Upgraded Their Tactics to Abuse Legitimate Tools to Evade Detection and Maintain Persistence - Rapid7 analysts identified a novel persistence mechanism during recent incident investigations, revealing the group’s adoption of Teleport, an infrastructure access platform not previously associated with Scattered Spider operations. The ...
1 month ago Cybersecuritynews.com Scattered Spider
Microsoft Details Scattered Spider TTPs Observed in Recent Attack Chains - Cyber Security News - In mid-2025, a new surge of targeted intrusions, attributed to the threat group known variously as Scattered Spider, Octo Tempest, UNC3944, Muddled Libra, and 0ktapus, began impacting multiple industries. Complicating defenses further, Scattered ...
1 month ago Cybersecuritynews.com Scattered Spider Dragonforce
Scattered Spider Attacking Tech Companies Using Phishing Frameworks Like Evilginx and Social Engineering Methods - Fluent English-speaking callers, often working “evening shifts” that coincide with Western office hours, posed as CFOs or IT staff to persuade help-desk agents to reset multi-factor authentication (MFA) tokens, providing Evilginx with the final ...
1 month ago Cybersecuritynews.com Scattered Spider
Estonia’s cyber ambassador on digitalization, punching upwards and outing GRU spies | The Record from Recorded Future News - Well, UNIDIR [the United Nations Institute for Disarmament Research] has been doing some capacity building with some countries, and been doing in a smaller scale, but we saw that there's a need, really, to bring in people from all around the ...
1 month ago Therecord.media
North Korea's Kimsuky Attacks Rivals' Trusted Platforms - North Korea-linked threat groups are increasingly using living-off-the-land (LotL) techniques and trusted services to evade detection, with a recent Kimsuky campaign showcasing the use of PowerShell scripts and storing data in Dropbox folders, along ...
6 months ago Darkreading.com Andariel Kimsuky

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)