Category | Details |
---|---|
Threat Actors | Scattered Spider (also referred to as “The Community” or “The Com”). |
Campaign Overview | Ran phishing campaigns targeting large companies and their suppliers; stole credentials to access sensitive data and commit financial thefts. |
Target Regions | U.S. (including individuals and large companies like MGM Casino, Coinbase, Twilio, Mailchimp, LastPass, Riot Games, Reddit). |
Methodology | Used phishing campaigns via SMS (“smishing”), adversary-in-the-middle (AITM) attacks, social engineering, and SIM-swapping to gain unauthorized access. |
Product Targeted | Corporate networks, VPNs, telecommunications systems, cryptocurrency wallets, and business process outsourcing platforms. |
Malware Reference | Not explicitly named, but the group employed custom phishing websites and AITM techniques for credential theft. |
Tools Used | SMS-based phishing (smishing), phishing websites, stolen credentials, and adversary-in-the-middle techniques. |
Vulnerabilities Exploited | Social engineering tactics and impersonation of trusted entities. |
TTPs | Initial Access (T1190): Phishing attacks with fraudulent websites; Credential Access (T1110): Used stolen credentials for further access; Impact (T1485): Deleted or encrypted data to extort victims. |
Attribution | Five individuals named, including Tyler Robert Buchanan (UK) and four Americans; linked to the larger “Community” cybercriminal group. |
Recommendations | Educate employees on phishing risks, implement multi-factor authentication (MFA), monitor for suspicious activity, and segment critical systems. |
Source | The Record |
Read full article: https://therecord.media/five-scattered-spider-members-charged-breaches-11-million-theft
Disclaimer: The above summary has been generated by an AI language model.