A Group of Young Cybercriminals Poses the ‘Most Imminent Threat' of Cyberattacks Right Now
A notorious cybercriminal group often called Scattered Spider is known for using social engineering techniques to infiltrate target companies by tricking IT help desk workers into granting them system access. Researchers say that the group seems to gain expertise about the backend systems commonly used by businesses in a particular industry and then uses this knowledge to hit a cluster of targets before moving on to another sector. The group often deploys ransomware or conducts data extortion attacks once it has compromised its victims.
Amid increasing pressure from law enforcement last year, which culminated in charges and arrests of five suspects allegedly linked to Scattered Spider, researchers say that the group was less active in 2024 and seemed to be attempting to lay low. The group's escalating attacks in recent weeks, though, have shown that, far from being defeated, Scattered Spider is emboldened once again.
'There are some uniquely skilled actors in Scattered Spider when it comes to social engineering, and they have identified a major gap in our security systems that they're successfully taking advantage of,' says John Hultquist, chief analyst in Google's threat intelligence group. 'This group is carrying out serious attacks on our critical infrastructure, and I hope that we're not missing the opportunity to address the most imminent threat.'
Though a number of incidents have not been publicly attributed, an overwhelming spree of recent attacks on UK grocery store chains, North American insurers, and international airlines has broadly been tied to Scattered Spider. In May, the UK's National Crime Agency confirmed it was looking at Scattered Spider in connection to the attacks on British retailers. And the FBI warned in an alert on Friday that it has observed 'the cybercriminal group Scattered Spider expanding its targeting to include the airline sector.' The warning came as North American airlines Westjet and Hawaii Airlines said they had been victims of cybercriminal hacks. On Wednesday, the Australian airline Qantas also said it had been hit with a cyberattack, though it was not immediately clear if this attack was part of the group's campaign.
'They slowed down, and we saw them dissipate for a while throughout 2024,' says Adam Meyers, a senior vice president for counter-adversary operations at the security company CrowdStrike. 'Then they've roared back in the last couple of months, first hitting retail and then hitting insurance companies and most recently targeting airlines.'
Scattered Spider first emerged as a high-profile group toward the end of 2023 as its members moved from SIM swapping attacks to launching crippling ransomware attacks on Caesar's Entertainment and MGM Resorts. The latter cost MGM around $100 million to recover from. Researchers emphasize that the collective is financially motivated, made up of mostly English-speaking teenagers and young men who are often based in the US or UK. The Scattered Spider hackers are considered an offshoot of the Com, an amorphous network of potentially thousands of trolls and criminals, many of whom engage in harassment, extortion, and child exploitation.
Scattered Spider members have increasingly coalesced around a tactic of using targeted social engineering to get a foothold inside company networks. Attackers may impersonate a staff member who is locked out of their company email account and contact the firm's IT help desk to get access, before resetting multifactor authentication credentials. Researchers say that the group has also used a tactic of creating convincing phishing websites where the URLs often include the name of the target organization along with words like 'okta,' 'vpn' or 'helpdesk.' Once inside networks, the hackers deploy various types of ransomware or steal data that is used to extort companies.
Meyers says Crowdstrike believes that Scattered Spider has roughly four core members, which drive the targeting of potential victims and 'leverage' resources from the wider Com ecosystem as needed. The exact structure and size of Scattered Spider is unclear, but researchers agree that the group relies on an array of third-party services to carry out its attacks.
'Deterrence is extremely difficult because we're essentially fighting a marketplace where a lot of the actors are replaceable,' Google's Hultquist says. 'For instance, Scattered Spider has worked with multiple ransomware services, so if one goes down there's always someone to replace them.'
Aiden Sinnott, a senior threat researcher at cybersecurity company Sophos' Counter Threat Unit, says that Scattered Spider and the Com more broadly are connected through relationships and communities on Discord servers or Telegram groups. 'It's this kind of evolving group where maybe new younger threat actors are coming in,' Sinnott says. 'You can see this natural escalation progression as they learn skills of each other, and they're very big on sharing their wins as well.'
Some Scattered Spider members may target big-name companies, while others are involved in less high-profile activity. 'There are groups, or individuals, who are really focused on hacking Coinbase accounts and stealing crypto and things like that,' Sinnott says. 'So they're not even focused on these big corporate organizations.'
As Hultquist puts it, "the activity is extremely resilient, because instead of fighting a single actor, we're really fighting a marketplace.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
New York Post
14 minutes ago
- New York Post
Ship attacked in Red Sea off Yemen with guns and grenades, UK maritime agency says
A ship came under attack Sunday in the Red Sea off the coast of Yemen by armed men firing guns and launching rocket-propelled grenades, a group overseen by the British military said. No one immediately claimed responsibility for the attack, which comes as tensions remain high in the Middle East over the Israel-Hamas war and after the Iran-Israel war and airstrikes by the United States targeting Iranian nuclear sites. The United Kingdom Maritime Trade Operations center said that an armed security team on the ship had returned fire and that the 'situation is ongoing.' Advertisement 3 A ship was attacked off the coast of Yemen by gunshots and rocket-propelled grenades. AP It described the attack as happening some 100 kilometers (60 miles) southwest of Hodeida, Yemen, which is held by the country's Houthi rebels. 'Authorities are investigating,' it said. Advertisement Ambrey, a maritime security firm, issued a warning saying that a merchant ship had been 'attacked by eight skiffs while transiting northbound in the Red Sea.' It said it believed the attack was ongoing. The U.S. Navy's Mideast-based 5th Fleet referred questions to the military's Central Command, which did not immediately respond to a request for comment. The Houthi rebels have been launching missile and drone attacks against commercial and military ships in the region in what the group's leadership has described as an effort to end Israel's offensive against Hamas in the Gaza Strip. The group's al-Masirah satellite news channel acknowledged the attack occurred, but offered no other comment on it as it aired a speech by its secretive leader, Abdul Malik al-Houthi. Advertisement 3 Houthi rebels have been launching attacks against commercial and military ships in the region as an effort to end Israel's offensive against Hamas in the Gaza Strip. Between November 2023 and January 2025, the Houthis targeted more than 100 merchant vessels with missiles and drones, sinking two of them and killing four sailors. That has greatly reduced the flow of trade through the Red Sea corridor, which typically sees $1 trillion of goods move through it annually. Every morning, the NY POSTcast offers a deep dive into the headlines with the Post's signature mix of politics, business, pop culture, true crime and everything in between. Subscribe here! Advertisement The Houthis paused attacks in a self-imposed ceasefire until the U.S. launched a broad assault against the rebels in mid-March. That ended weeks later and the Houthis haven't attacked a vessel, though they have continued occasional missile attacks targeting Israel. On Sunday, the group claimed they launched a missile at Israel which the Israeli military said it intercepted. 3 Protesters, mainly Houthi supporters, during a rally to show solidarity with Palestinians in Gaza, in Yemen. REUTERS Meanwhile, a wider, decadelong war in Yemen between the Houthis and the country's exiled government, backed by a Saudi-led coalition, remains in a statemate. The Yemeni Coast Guard, which is loyal to the exiled government, has engaged in a firefight with at least one vessel in the Red Sea in the past as well. Pirates from Somalia also have operated in the region, though typically they've sought to capture vessels either to rob or ransom their crews.
Cosmopolitan
an hour ago
- Cosmopolitan
Who is George Russell's girlfriend Carmen Mundt? Your 101 on the F1 Mercedes driver's relationship
ICYMI: the F1 British Grand Prix is currently ongoing at Silverstone. Yep, the high octane racing is back as the best in the sport battle it out. And with F1: The Movie in cinemas, Formula 1 is definitely in the zeitgeist. And one of the biggest names in the motorsports rn? George Russell: the British driver has won four Formula One Grands Prix and is only 27. One of our fave facts about him? He is in an adorbs af relationship with Carmen Montero Mundt. So, who is F1 WAG Carmen Montero Mundt? And how long have she and Russell been together? Keep scrolling for the full details. Mundt is the girlfriend of George Russell, the British F1 driver. She's often seen supporting him at events, travelling across the world to do so, and is known for her elegant personal style. Like George Russell, Mundt was born in 1998. Her birthday is 12 February, which makes her an Aquarius. She's 27 years old. Mundt was born in Spain but moved to the UK when she was 18. Mundt has a BA in Business Management and Finance from the University of Westminster and also has a Diploma in Asset Allocation and Risk Management from the University of Geneva. She's worked at Ruffer, a London-based asset manager and Delta, a business management consultant. Now, she doesn't appear to have a staff role in the financial sector but she has released an e-book called My Investing Journey and Learning with the platform Female Invest. She has spoken about how her interest in finance was sparked by her family's financial problems, with her father going bankrupt when Mundt was 10 years old. Currently she has over 600,000 followers on her Instagram @carmenmmundt. She also posts branded content with the likes of Alo and Dior. Mundt and Russell met in London through a mutual friend. They made their relationship public at the 2020 Tuscan Grand Prix. The couple celebrated their five-year anniversary in February 2025. These two are too cute!
Hamilton Spectator
2 hours ago
- Hamilton Spectator
Ship attacked in Red Sea off Yemen with gunfire, rocket-propelled grenades, UK maritime agency says
DUBAI, United Arab Emirates (AP) — A ship came under attack Sunday in the Red Sea off the coast of Yemen by armed men firing guns and launching rocket-propelled grenades, a group overseen by the British military said. No one immediately claimed responsibility for the attack, which comes as tensions remain high in the Middle East over the Israel-Hamas war and after the Iran-Israel war and airstrikes by the United States targeting Iranian nuclear sites. The United Kingdom Maritime Trade Operations center said that an armed security team on the ship had returned fire and that the 'situation is ongoing.' 'Authorities are investigating,' it said. Ambrey, a maritime security firm, issued a warning saying that a merchant ship had been 'attacked by eight skiffs while transiting northbound in the Red Sea.' It said it believed the attack was ongoing. The U.S. Navy's Mideast-based 5th Fleet referred questions to the military's Central Command, which did not immediately respond to a request for comment. Yemen's Houthi rebels have been launching missile and drone attacks against commercial and military ships in the region in what the group's leadership has described as an effort to end Israel's offensive against Hamas in the Gaza Strip. Between November 2023 and January 2025, the Houthis targeted more than 100 merchant vessels with missiles and drones, sinking two of them and killing four sailors . That has greatly reduced the flow of trade through the Red Sea corridor, which typically sees $1 trillion of goods move through it annually. The Houthis paused attacks in a self-imposed ceasefire until the U.S. launched a broad assault against the rebels in mid-March. That ended weeks later and the Houthis haven't attacked a vessel, though they have continued occasional missile attacks targeting Israel. Meanwhile, a wider, decadelong war in Yemen between the Houthis and the country's exiled government, backed by a Saudi-led coalition, remains in a statemate. Pirates from Somalia also have operated in the region, though typically they've sought to capture vessels either to rob or ransom their crews. Error! Sorry, there was an error processing your request. There was a problem with the recaptcha. Please try again. You may unsubscribe at any time. By signing up, you agree to our terms of use and privacy policy . This site is protected by reCAPTCHA and the Google privacy policy and terms of service apply. Want more of the latest from us? Sign up for more at our newsletter page .
