HC3 TLP Clear Threat Actor Profile: Scattered Spider - October 24, 2024
Executive Summary
Scattered Spider is a financially motivated threat actor, active since at least 2022, that has targeted organizations in various industries, including healthcare. The group has leveraged both legitimate, publicly available tools and malware in its intrusions, including multiple ransomware variants. The group has become known for its advanced social engineering techniques, including voice phishing and the use of artificial intelligence (AI) to spoof victims’ voices, to obtain initial access to targeted organizations. The group will likely continue to evolve its TTPs to evade detection.
Report
Scattered Spider (also known as Octo Tempest, Roasted 0ktapus, Storm-0875, Starfraud, UNC3944, Scatter Swine, and Muddled Libra) is a financially motivated cybercriminal group that engages in data extortion and several other criminal activities. Scattered Spider is a native English-speaking cybercriminal group that has been active since at least 2022. The group is thought to consist of individuals based in the United States and the United Kingdom. Its members are believed to be primarily between the ages of 19 and 22, as of September 2023. The group initially targeted customer relationship management (CRM) and business-process outsourcing (BPO) firms, as well as telecommunications and technology companies. Beginning in 2023, Scattered Spider expanded its operations to compromise victims in the gaming, hospitality, retail, MSP, manufacturing, and financial sectors. More recently, the group has expanded its operations to cloud environments. During campaigns, Scattered Spider has leveraged targeted social-engineering techniques, attempted to bypass popular endpoint security tools, and deployed ransomware for financial gain. The group added RansomHub and Qilin to its cyber arsenal in Q2 2024.