“Scattered Spider Launches Fresh Ransomware and Social Engineering Strategies”



Brief Overview

  • Scattered Spider has adopted novel ransomware and social engineering strategies.
  • DragonForce ransomware is now included in their resources.
  • New strategies involve impersonating staff to deceive IT support.
  • Remote access applications like AnyDesk and Teleport.sh are utilized to avoid detection.
  • The RattyRAT trojan improves their sustained access abilities.
  • Targets feature Snowflake data cloud and VMware ESXi servers.
  • Links to the Com online criminal network have been identified.
  • The FBI cautions about a Com subgroup, Hacker Com, connected to ransomware-as-a-service.

Progression of Cyber Threats

The Scattered Spider collective, noted for its advanced cyber assaults, has bolstered its inventory with new ransomware and social engineering approaches, as reported by the Australian Cyber Security Centre (ACSC) and various Western entities.

Innovative Tactics and Approaches

Recently, Scattered Spider has begun deploying DragonForce ransomware after exfiltrating data, using the stolen data as leverage for extortion. Communication with targeted organizations takes place over Tor, email, or encrypted messaging applications.

Data Exfiltration and Manipulation

The group exfiltrates data to storage services such as Mega.nz and Amazon S3. It has also refined its social engineering: operators pose as employees to persuade IT helpdesks to reset passwords and transfer MFA tokens.

Enhanced Tools for Concealment

Scattered Spider uses legitimate remote access tools such as AnyDesk and Teleport.sh so that its activity blends in with normal administration. The Java-based RattyRAT trojan is also used to maintain persistent, undetected access.

Focusing on Cloud and Server Systems

The group targets the Snowflake data cloud, where large queries allow rapid data exfiltration, and encrypts VMware ESXi servers to increase pressure on victims to pay. It also creates fake user profiles and social media accounts to preserve access.

Advice for Organizations

To mitigate these threats, organizations are advised to implement phishing-resistant MFA, prohibit unauthorized software, and keep offline backups, as suggested by security agencies.
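As an added example (not from the article or from the agencies it cites), the check below scans constructed process-creation events and flags the remote-access tools named above when they run from outside an approved install path, as well as Java launching a JAR from a user-writable directory, the pattern a Java-based RAT would leave. The log format, the approved path and the `tsh.exe` binary name for Teleport's client are assumptions.

```python
"""Flag unapproved remote-access tools and Java JARs in process-creation events."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample events in a hypothetical "user|host|image|cmdline" form.
SAMPLE_EVENTS = [
    "alice|WS01|C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE|EXCEL.EXE",
    "bob|WS07|C:\\Users\\bob\\Downloads\\AnyDesk.exe|AnyDesk.exe --install",
    "svc-backup|SRV02|C:\\Program Files\\Approved Vendor\\AnyDesk.exe|AnyDesk.exe",
    "carol|WS12|C:\\Program Files\\Java\\jre\\bin\\java.exe|java.exe -jar C:\\Users\\carol\\AppData\\Local\\Temp\\update.jar",
    "dave|WS03|C:\\Users\\dave\\AppData\\Roaming\\tsh.exe|tsh.exe ssh --proxy=example.teleport.sh",
]

# Tool binaries for AnyDesk and Teleport (tsh is assumed); the approved path is hypothetical.
REMOTE_ACCESS_TOOLS = {"anydesk.exe", "tsh.exe"}
APPROVED_PATH_PREFIXES = ("c:\\program files\\approved vendor\\",)
USER_WRITABLE = re.compile(r"^c:\\users\\", re.IGNORECASE)
JAVA_JAR = re.compile(r"-jar\s+\"?([^\"\s]+\.jar)", re.IGNORECASE)


@dataclass
class Finding:
    user: str
    host: str
    reason: str


def analyse_event(line: str) -> Optional[Finding]:
    """Return a Finding for one event, or None if nothing is suspicious."""
    user, host, image, cmdline = line.split("|", 3)
    image_l = image.lower()
    name = image_l.rsplit("\\", 1)[-1]
    if name in REMOTE_ACCESS_TOOLS:
        # Remote-access tools are only tolerated from the managed install location.
        if not image_l.startswith(APPROVED_PATH_PREFIXES):
            return Finding(user, host, f"remote-access tool {name} outside approved path")
        return None
    if name in ("java.exe", "javaw.exe"):
        # A JAR executed from a user-writable directory is how a dropped Java RAT runs.
        m = JAVA_JAR.search(cmdline)
        if m and USER_WRITABLE.match(m.group(1)):
            return Finding(user, host, f"java launched JAR from user-writable path: {m.group(1)}")
    return None


def scan(events: List[str]) -> List[Finding]:
    """Run analyse_event over every event and keep the findings."""
    return [f for f in (analyse_event(e) for e in events) if f is not None]
```

Feeding the sample events to `scan` yields three findings (bob, carol, dave); the approved AnyDesk install on SRV02 is not flagged.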

Connections to Criminal Syndicates

Scattered Spider is associated with the Com online criminal network, which recruits through channels like Roblox and Discord. A subgroup, Hacker Com, participates in ransomware-as-a-service and other illicit activities such as DDoS assaults and SIM swapping.

FBI Alerts

The FBI has circulated warnings regarding Hacker Com’s refined operations, which comprise selling technical support and engaging in violent retribution actions like “swatting.”

Conclusion

Scattered Spider’s progress in ransomware and social engineering strategies underscores the shifting cyber threat environment. Their ties to the Com network and advanced methods present substantial threats to organizations globally.

Q: What is DragonForce ransomware?

A: DragonForce is a ransomware variant used by Scattered Spider for extortion following a data breach.

Q: How does Scattered Spider execute social engineering?

A: They impersonate staff members to deceive IT helpdesks into changing passwords and transferring MFA tokens.

Q: What tools does Scattered Spider use for remote connectivity?

A: They leverage AnyDesk, Teleport.sh, and the RattyRAT trojan to maintain concealed access.

Q: Why is the Snowflake data cloud a target?

A: Snowflake enables Scattered Spider to perform large data queries quickly for exfiltration purposes.

Q: What constitutes the Com network?

A: It is an online criminal syndicate affiliated with Scattered Spider, recruiting via platforms such as Roblox and Discord.

Q: What measures has the FBI taken?

A: The FBI has issued warnings about Hacker Com’s advanced criminal enterprises, including ransomware-as-a-service.

Posted by Nicholas Webb

Nicholas Webb is a Queensland-based Consumer Technology Editor at Techbest focused on connected home and streaming products.
