#scatteredspider

Feds Charge Five Men in 'Scattered Spider' Roundup

Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio.

Two of the accused I've written about extensively already. Today's story looks at how several of these guys were caught. For example:

"The phishing kits used for these campaigns featured a hidden Telegram instant message bot that forwarded any submitted credentials in real-time.

"In August 2022, multiple security firms gained access to the server that was receiving data from that Telegram bot, which on several occasions leaked the Telegram ID and handle of its developer, who used the nickname "Joeleoli.""

krebsonsecurity.com/2024/11/fe

Alleged Boss of "Scattered Spider" Hacking Group Arrested in Spain

A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years.

krebsonsecurity.com/2024/06/al

Microsoft published a new blog with an analysis of the TTPs of the Octo Tempest group (also known as 0ktapus or Scattered Spider), a financially motivated threat actor that relies heavily on #socialengineering for initial access.

This group is reportedly the one behind the Okta, MGM Resorts & Caesars attacks this year, as well as the MailChimp & Twilio attacks last year.

"Octo Tempest commonly launches social engineering attacks targeting technical administrators, such as support and help desk personnel, who have permissions that could enable the threat actor to gain initial access to accounts. The threat actor performs research on the organization & identifies targets to effectively impersonate victims, mimicking idiolect on phone calls & understanding personal identifiable information to trick technical administrators into performing password resets & resetting MFA"

"Octo Tempest leverages tradecraft that many organizations don’t have in their typical threat models, such as SMS phishing, SIM swapping, and advanced social engineering techniques."

In reality, most organizations don't have a social engineering security protocol for most types of social engineering attacks beyond #phishing and *some* vishing attacks/tactics. There is a lot of work to be done...

The blog:

microsoft.com/en-us/security/b

Microsoft Security Blog · Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction

Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries.