| Category | Details |
|---|---|
| Threat Actors | Scattered Spider, a loosely organized cluster operating within the larger cybercriminal community known as “The Community” or “The Com”. |
| Campaign Overview | Ran SMS phishing campaigns against employees of large companies and their suppliers; used the harvested credentials to access corporate systems, steal sensitive data, and drain cryptocurrency wallets (roughly $11 million, per the article). |
| Target Regions | Primarily the U.S.; victims include individuals and large companies linked to the group's activity, such as MGM Casino, Coinbase, Twilio, Mailchimp, LastPass, Riot Games, and Reddit. |
| Methodology | SMS phishing (“smishing”) lures directed employees to lookalike login pages that relayed the login to the real service (adversary-in-the-middle, AITM), capturing passwords and one-time MFA codes in transit; social engineering and SIM swapping were used to take over phone numbers and the accounts protected by them. |
| Product Targeted | Corporate networks, VPNs, telecommunications systems, cryptocurrency wallets, and business process outsourcing platforms. |
| Malware Reference | None named in the article; the intrusions relied on custom credential-harvesting sites and AITM relays rather than malware. |
| Tools Used | Smishing lures, lookalike phishing websites, AITM relay infrastructure, and the stolen credentials and session tokens they produced. |
| Vulnerabilities Exploited | No software vulnerability is reported; the attacks exploited human trust by impersonating employers, suppliers, and their login pages. |
| TTPs | - Initial Access: Phishing (T1566), delivered by SMS and pointing to credential-harvesting sites. - Credential Access: Adversary-in-the-Middle (T1557) to capture credentials and MFA codes in transit. - Initial Access/Persistence: Valid Accounts (T1078) using the stolen credentials. - Impact: Financial Theft (T1657) from cryptocurrency wallets; data deletion (T1485) or encryption (T1486) to extort victims. |
| Attribution | Five individuals named, including Tyler Robert Buchanan (UK) and four Americans; linked to the larger “Community” cybercriminal group. |
| Recommendations | Train employees to report unexpected SMS login prompts; deploy phishing-resistant MFA (FIDO2/WebAuthn, which is origin-bound), since OTP and push factors are simply relayed by an AITM proxy; drop SMS as an authentication factor because of SIM swapping; monitor for session tokens reused from new networks or clients after MFA; require out-of-band identity verification at the help desk for password and MFA resets; segment critical systems. |
| Source | The Record |
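
The AITM relay described in the Methodology row leaves a tell in sign-in telemetry: the session token minted after the victim completes MFA is then used from the attacker's infrastructure rather than the victim's browser. The following Python is an added example (not code from the article, The Record, or any vendor) that flags that pattern. The field names (`session_id`, `asn`, `ua`, `event`) and the sample events are constructed assumptions about what an identity-provider export might contain. It also handles the false-positive case a practitioner would hit first: an IP change inside the same ASN with the same client is not flagged, because carrier NAT and corporate egress pools churn addresses legitimately.

```python
import json
from datetime import datetime

# Constructed sample sign-in events in JSON-lines form (not from the article
# or any real tenant). Field names are assumptions about an IdP export.
# s-1001: MFA completed from a Windows browser, token used 29 s later from
#         another network with a scripting User-Agent (classic AITM replay).
# s-1002: normal session, nothing changes.
# s-1003: IP changes within the same ASN and client (carrier NAT), benign.
# s-1004: activity with no MFA event in the sample, nothing to compare.
SAMPLE_LOG = """
{"ts": "2024-11-20T09:02:11Z", "user": "jdoe", "session_id": "s-1001", "ip": "203.0.113.10", "asn": "AS64500", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/130", "event": "mfa_success"}
{"ts": "2024-11-20T09:02:40Z", "user": "jdoe", "session_id": "s-1001", "ip": "198.51.100.77", "asn": "AS64501", "ua": "python-requests/2.32", "event": "resource_access"}
{"ts": "2024-11-20T09:15:00Z", "user": "asmith", "session_id": "s-1002", "ip": "203.0.113.22", "asn": "AS64500", "ua": "Mozilla/5.0 (Macintosh) Safari/17", "event": "mfa_success"}
{"ts": "2024-11-20T09:30:00Z", "user": "asmith", "session_id": "s-1002", "ip": "203.0.113.22", "asn": "AS64500", "ua": "Mozilla/5.0 (Macintosh) Safari/17", "event": "resource_access"}
{"ts": "2024-11-20T10:00:00Z", "user": "bwong", "session_id": "s-1003", "ip": "203.0.113.30", "asn": "AS64500", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/130", "event": "mfa_success"}
{"ts": "2024-11-20T10:20:00Z", "user": "bwong", "session_id": "s-1003", "ip": "203.0.113.31", "asn": "AS64500", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/130", "event": "resource_access"}
{"ts": "2024-11-20T11:00:00Z", "user": "clee", "session_id": "s-1004", "ip": "203.0.113.40", "asn": "AS64500", "ua": "Mozilla/5.0 (Macintosh) Safari/17", "event": "resource_access"}
"""


def parse_events(text):
    """Parse JSON lines into dicts with a datetime 'ts', sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def find_replayed_sessions(events):
    """Return one finding per session whose post-MFA activity comes from a
    different network (ASN) or client (User-Agent) than the event that
    completed MFA. A bare IP change inside the same ASN with the same
    User-Agent is deliberately ignored to avoid NAT/egress-pool noise."""
    anchors = {}   # session_id -> the event that completed MFA
    findings = {}  # session_id -> finding dict
    for ev in events:
        sid = ev["session_id"]
        if ev["event"] == "mfa_success":
            anchors.setdefault(sid, ev)  # keep the first MFA completion
            continue
        anchor = anchors.get(sid)
        if anchor is None:
            continue  # no MFA completion seen for this session
        reasons = []
        if ev["asn"] != anchor["asn"]:
            reasons.append("asn")
        if ev["ua"] != anchor["ua"]:
            reasons.append("user_agent")
        if not reasons:
            continue
        finding = findings.setdefault(sid, {
            "session_id": sid,
            "user": ev["user"],
            "mfa_from": (anchor["ip"], anchor["asn"], anchor["ua"]),
            "replayed_from": (ev["ip"], ev["asn"], ev["ua"]),
            "seconds_after_mfa": int((ev["ts"] - anchor["ts"]).total_seconds()),
            "reasons": set(),
        })
        finding["reasons"].update(reasons)
    return sorted(findings.values(), key=lambda f: f["session_id"])


if __name__ == "__main__":
    for f in find_replayed_sessions(parse_events(SAMPLE_LOG)):
        print(f"{f['user']} session {f['session_id']}: MFA from {f['mfa_from']}, "
              f"token reused {f['seconds_after_mfa']}s later from "
              f"{f['replayed_from']} ({', '.join(sorted(f['reasons']))})")
```

In production the anchor would be the IdP's MFA-satisfied sign-in record and the comparison would run over every request carrying that session cookie or refresh token; ASN and User-Agent are a coarse first cut, and a token-binding or device-posture signal, where the IdP exposes one, is a stronger discriminator than either.
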
Read full article: https://therecord.media/five-scattered-spider-members-charged-breaches-11-million-theft
Disclaimer: The above summary has been generated by an AI language model.