The Federal Bureau of Investigation (FBI) has issued an alert warning organizations about the activities of a hacking collective known as Scattered Spider. The group has gained notoriety for infiltrating numerous organizations both within the United States and globally.
The advisory outlines the tactics, techniques, and modus operandi employed by these hackers, emphasizing their involvement in data extortion and their reliance on social engineering. The highlighted tactics include phishing, push bombing, and SIM swap attacks, which the group uses to steal credentials, deploy remote access tools, and bypass multi-factor authentication.
Scattered Spider, also tracked under aliases such as Starfraud, UNC3944, Scatter Swine, and Muddled Libra, includes members as young as 16 years old who are predominantly English speakers, according to Bleeping Computer.
The FBI underscores that these hackers often pose as IT support personnel or help desk representatives from various companies to deceive employees into disclosing user credentials. This deceptive approach allows them to gain network access, pilfer OTPs (One-Time Passwords) for further system infiltration, generate MFA (Multi-Factor Authentication) notification prompts, and even take control of users’ SIM cards.
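The push-bombing tactic described above leaves a recognisable trace in identity-provider logs: a burst of MFA push prompts to one user, most of them denied, sometimes followed by a single approval once the employee gives in. The following detection logic is an added example and is not from the FBI advisory or the article; the log format, field names, sample lines, and thresholds (five prompts within five minutes) are assumptions chosen for the demonstration and should be adapted to your own IdP export.

```python
"""
Detect MFA push-bombing (MFA fatigue) bursts in authentication logs.

Added illustrative example, not taken from the FBI advisory or the article.
Log format, field names, sample data and thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample log lines: "<ISO timestamp> <user> <event> <result> <source ip>".
# Alice receives six prompts in two minutes and finally approves one (fatigue success);
# Bob's three prompts are spread over hours and are normal usage.
SAMPLE_LOG = """\
2023-11-16T09:00:01Z alice mfa_push denied 203.0.113.7
2023-11-16T09:00:20Z alice mfa_push denied 203.0.113.7
2023-11-16T09:00:41Z alice mfa_push denied 203.0.113.7
2023-11-16T09:01:05Z alice mfa_push denied 203.0.113.7
2023-11-16T09:01:30Z alice mfa_push denied 203.0.113.7
2023-11-16T09:02:02Z alice mfa_push approved 203.0.113.7
2023-11-16T09:05:00Z bob mfa_push approved 198.51.100.4
2023-11-16T10:30:00Z bob mfa_push denied 198.51.100.4
2023-11-16T11:00:00Z bob mfa_push approved 198.51.100.4
"""

Event = Tuple[datetime, str, str]  # (timestamp, result, source ip)


def parse_line(line: str) -> Tuple[datetime, str, str, str, str]:
    """Split one log line into its five assumed fields."""
    ts, user, event, result, ip = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event, result, ip


def detect_push_bombing(log_text: str, threshold: int = 5,
                        window: timedelta = timedelta(minutes=5)) -> List[Dict]:
    """Return one finding per user whose largest burst of push prompts inside
    `window` reaches `threshold`. A finding also records whether an approval
    followed earlier denials in that burst, the classic fatigue success."""
    by_user: Dict[str, List[Event]] = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, event, result, ip = parse_line(line)
        if event == "mfa_push":
            by_user[user].append((ts, result, ip))

    findings: List[Dict] = []
    for user, events in by_user.items():
        events.sort(key=lambda e: e[0])
        best: List[Event] = []
        # Slide a window anchored at each prompt and keep the densest burst.
        for i in range(len(events)):
            j = i
            while j + 1 < len(events) and events[j + 1][0] - events[i][0] <= window:
                j += 1
            burst = events[i:j + 1]
            if len(burst) >= threshold and len(burst) > len(best):
                best = burst
        if not best:
            continue

        denied = sum(1 for _, r, _ in best if r == "denied")
        seen_denial = False
        approved_after_denials = False
        for _, r, _ in best:
            if r == "denied":
                seen_denial = True
            elif r == "approved" and seen_denial:
                approved_after_denials = True

        findings.append({
            "user": user,
            "prompts": len(best),
            "denied": denied,
            "approved_after_denials": approved_after_denials,
            "first": best[0][0].isoformat(),
            "last": best[-1][0].isoformat(),
            "source_ips": sorted({ip for _, _, ip in best}),
        })
    return findings


if __name__ == "__main__":
    for finding in detect_push_bombing(SAMPLE_LOG):
        print(finding)
```

A finding with `approved_after_denials` set is the one worth paging on: the account should be treated as compromised until the session is reviewed, the user contacted out of band, and the push factor replaced with a phishing-resistant one such as FIDO2. Tune `threshold` and `window` against your own baseline of legitimate prompt rates before relying on the alert.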
Furthermore, the FBI reveals that once the threat actors gain entry to a network, they use publicly available remote access and tunneling tools to monitor and manage systems. The group's history of evading detection on target networks is attributed to its use of living-off-the-land techniques and its frequent changes to its Tactics, Techniques, and Procedures (TTPs).
Previous cyberattacks attributed to Scattered Spider include intrusions at prominent companies such as Riot Games, DoorDash, and MailChimp. Notably, Microsoft has also issued warnings about the group, referring to it by another alias, Octo Tempest.
In addition to infiltrating networks and using remote access tools, the hackers deploy malware such as WinZone RAT and Raccoon Stealer to steal passwords and other sensitive data from compromised systems.
To safeguard against these threats, the FBI advises organizations to maintain offline backups of data, mandate password logins for all accounts, use longer passwords ranging from eight to 64 characters, implement phishing-resistant multi-factor authentication (MFA), keep operating systems and software updated, segment networks to limit the spread of malware, disable hyperlinks in emails, and ensure data is encrypted.