The New Oil<p>Alleged ‘<a href="https://mastodon.thenewoil.org/tags/ScatteredSpider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ScatteredSpider</span></a>’ Member Extradited to U.S.</p><p><a href="https://krebsonsecurity.com/2025/04/alleged-scattered-spider-member-extradited-to-u-s/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">krebsonsecurity.com/2025/04/al</span><span class="invisible">leged-scattered-spider-member-extradited-to-u-s/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybercrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybercrime</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
en.osm.town is one of the many independent Mastodon servers you can use to participate in the fediverse.
An independent, community of OpenStreetMap people on the Fediverse/Mastodon.
Funding graciously provided by the OpenStreetMap Foundation.
Administered by:
Server stats:
248active users
en.osm.town: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#scatteredspider
2 posts · 2 participants · 0 posts today
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/MarksAndSpencer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MarksAndSpencer</span></a> breach linked to <a href="https://mastodon.thenewoil.org/tags/ScatteredSpider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ScatteredSpider</span></a> <a href="https://mastodon.thenewoil.org/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomware</span></a> attack</p><p><a href="https://www.bleepingcomputer.com/news/security/marks-and-spencer-breach-linked-to-scattered-spider-ransomware-attack/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/marks-and-spencer-breach-linked-to-scattered-spider-ransomware-attack/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/retail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>retail</span></a> <a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
B'ad Samurai 🐐<p>Solid write up on Scattered Spider by Silent Push, but trademarking a stupid new cybersecurity terms is gross and not helpful to the industry at large.</p><p><a href="https://www.silentpush.com/blog/scattered-spider-2025/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">silentpush.com/blog/scattered-</span><span class="invisible">spider-2025/</span></a></p><p><a href="https://infosec.exchange/tags/ScatteredSpider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ScatteredSpider</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
The Threat Codex<p>Scattered Spider member pleads guilty to identity theft, wire fraud charges<br><a href="https://infosec.exchange/tags/SCATTEREDSPIDER" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SCATTEREDSPIDER</span></a> <br><a href="https://therecord.media/scattered-spider-member-noah-urban-guilty-plea" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">therecord.media/scattered-spid</span><span class="invisible">er-member-noah-urban-guilty-plea</span></a></p>
Dissent Doe :cupofcoffee:<p>Scattered Spider Hacking Gang Arrests Mount With Teen:</p><p>Remington Ogletree (aka "Remi") arrested and charged with wire fraud and aggravated identity theft. </p><p>This teen had jaw-droppingly bad opsec, and to add to it, he used a crypto laundering service on TG that was actually an undercover FBI operation.</p><p><a href="https://databreaches.net/2024/12/05/scattered-spider-hacking-gang-arrests-mount-with-teen/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">databreaches.net/2024/12/05/sc</span><span class="invisible">attered-spider-hacking-gang-arrests-mount-with-teen/</span></a></p><p><a href="https://infosec.exchange/tags/ScatteredSpider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ScatteredSpider</span></a> <a href="https://infosec.exchange/tags/FinSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FinSec</span></a> <a href="https://infosec.exchange/tags/Telecoms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Telecoms</span></a> <a href="https://infosec.exchange/tags/Hack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hack</span></a> <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>databreach</span></a></p>
BrianKrebs<p>Feds Charge Five Men in 'Scattered Spider' Roundup</p><p>Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio.</p><p>Two of the accused I've written about extensively already. Today's story looks at how several of these guys were caught. For example:</p><p>"The phishing kits used for these campaigns featured a hidden Telegram instant message bot that forwarded any submitted credentials in real-time. </p><p>In August 2022, multiple security firms gained access to the server that was receiving data from that Telegram bot, which on several occasions leaked the Telegram ID and handle of its developer, who used the nickname "Joeleoli."</p><p><a href="https://krebsonsecurity.com/2024/11/feds-charge-five-men-in-scattered-spider-roundup/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">krebsonsecurity.com/2024/11/fe</span><span class="invisible">ds-charge-five-men-in-scattered-spider-roundup/</span></a></p><p><a href="https://infosec.exchange/tags/scatteredspider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scatteredspider</span></a> <a href="https://infosec.exchange/tags/fbi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fbi</span></a> <a href="https://infosec.exchange/tags/simswap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>simswap</span></a></p>
BrianKrebs<p>Alleged Boss of "Scattered Spider" Hacking Group Arrested in Spain</p><p>A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years.</p><p><a href="https://krebsonsecurity.com/2024/06/alleged-boss-of-scattered-spider-hacking-group-arrested/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">krebsonsecurity.com/2024/06/al</span><span class="invisible">leged-boss-of-scattered-spider-hacking-group-arrested/</span></a></p><p><a href="https://infosec.exchange/tags/scatteredspider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scatteredspider</span></a> <a href="https://infosec.exchange/tags/0ktapus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>0ktapus</span></a> <a href="https://infosec.exchange/tags/tylerb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tylerb</span></a> <a href="https://infosec.exchange/tags/sosa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sosa</span></a></p>
Christina Lekati<p>Microsoft published a new blog with an analysis of the TTPs of the Octo Tempest group (also known as 0ktapus or Scattered Spider), a financially motivated threat actor that relies heavily on <a href="https://infosec.exchange/tags/socialengineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>socialengineering</span></a> for initial access.</p><p>This group is reportedly the one behind the Okta, MGM Resorts & Caesars this year, as well as the MailChimp & Twilio attacks last year.</p><p>"Octo Tempest commonly launches social engineering attacks targeting technical administrators, such as support and help desk personnel, who have permissions that could enable the threat actor to gain initial access to accounts. The threat actor performs research on the organization & identifies targets to effectively impersonate victims, mimicking idiolect on phone calls & understanding personal identifiable information to trick technical administrators into performing password resets & resetting MFA"</p><p>"Octo Tempest leverages tradecraft that many organizations don’t have in their typical threat models, such as SMS phishing, SIM swapping, and advanced social engineering techniques."</p><p>In reality, most organizations don't have a social engineering security protocol for most types of social engineering attacks beyond <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a> and *some* vishing attacks/tactics. There is a lot of work to be done...</p><p>The blog:</p><p><a href="https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">microsoft.com/en-us/security/b</span><span class="invisible">log/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/</span></a></p><p><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/cybersecuritynews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecuritynews</span></a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatintelligence</span></a> <a href="https://infosec.exchange/tags/scatteredspider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scatteredspider</span></a> <a href="https://infosec.exchange/tags/threatactors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatactors</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload