The Federal Bureau of Investigation (FBI) has issued a warning to organizations about a hacking group called Scattered Spider, a group notorious for breaking into organizations across the United States and around the world.
The advisory describes the tactics, techniques, and procedures these hackers use, and warns how they carry out crimes such as data extortion with the help of social engineering. Their methods include phishing, push bombing, and SIM swap attacks, which they use to steal credentials, install remote access tools, and even bypass multi-factor authentication (MFA).
The group is also known by other aliases, including Starfraud, UNC3944, Scatter Swine, and Muddled Libra. Moreover, according to Bleeping Computer, its members are as young as 16 years old and are primarily English speakers.
Hackers Posing As IT Support, Helpdesk
The FBI notes that these hackers pose as IT support and help desk staff of various companies; this is how they convince employees to hand over their credentials, which the attackers then use to gain network access, steal one-time passwords (OTPs) to push further into systems, trigger MFA notification prompts, and even take control of users’ SIM cards.
The FBI further said that, after gaining access to networks, these threat actors use publicly available remote access and tunneling tools to monitor and manage systems. “Scattered Spider threat actors have historically evaded detection on target networks by using living off the land techniques and allowlisted applications to navigate victim networks, as well as frequently modifying their TTPs,” the FBI added.
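Push bombing (repeatedly sending MFA push prompts until a worn-down user approves one) leaves a recognizable pattern in authentication logs: a burst of push prompts for one account, mostly denied, sometimes followed by an approval. The following detector is an added example and is not part of the FBI advisory or the article. It assumes a constructed log format (one JSON object per line with ts, user, event, and result fields); the sample lines, the threshold of five prompts, and the ten-minute window are all assumptions chosen for illustration.

```python
"""Flag MFA push-bombing bursts in authentication logs (added example).

Assumed log format: one JSON object per line with the fields
ts (UTC, ISO 8601), user, event ("mfa_push_sent" / "mfa_push_result")
and result ("pending", "denied" or "approved").
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines, not real telemetry. "alice" receives six
# prompts in under three minutes, denies five and approves the sixth;
# "bob" receives a single prompt and approves it (normal login).
SAMPLE_LOG = """\
{"ts": "2023-11-16T08:00:00Z", "user": "alice", "event": "mfa_push_sent", "result": "pending"}
{"ts": "2023-11-16T08:00:10Z", "user": "alice", "event": "mfa_push_result", "result": "denied"}
{"ts": "2023-11-16T08:00:30Z", "user": "alice", "event": "mfa_push_sent", "result": "pending"}
{"ts": "2023-11-16T08:00:40Z", "user": "alice", "event": "mfa_push_result", "result": "denied"}
{"ts": "2023-11-16T08:01:00Z", "user": "alice", "event": "mfa_push_sent", "result": "pending"}
{"ts": "2023-11-16T08:01:10Z", "user": "alice", "event": "mfa_push_result", "result": "denied"}
{"ts": "2023-11-16T08:01:30Z", "user": "alice", "event": "mfa_push_sent", "result": "pending"}
{"ts": "2023-11-16T08:01:40Z", "user": "alice", "event": "mfa_push_result", "result": "denied"}
{"ts": "2023-11-16T08:02:00Z", "user": "alice", "event": "mfa_push_sent", "result": "pending"}
{"ts": "2023-11-16T08:02:10Z", "user": "alice", "event": "mfa_push_result", "result": "denied"}
{"ts": "2023-11-16T08:02:30Z", "user": "alice", "event": "mfa_push_sent", "result": "pending"}
{"ts": "2023-11-16T08:02:45Z", "user": "alice", "event": "mfa_push_result", "result": "approved"}
{"ts": "2023-11-16T08:05:00Z", "user": "bob", "event": "mfa_push_sent", "result": "pending"}
{"ts": "2023-11-16T08:05:05Z", "user": "bob", "event": "mfa_push_result", "result": "approved"}
"""

# Assumed tuning values: tighten or loosen to match your IdP's normal rate.
PUSH_THRESHOLD = 5
WINDOW = timedelta(minutes=10)


def parse_log(text):
    """Parse JSON-lines auth events into dicts with a datetime 'ts'."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return events


def find_push_bombing(events, threshold=PUSH_THRESHOLD, window=WINDOW):
    """Return {user: alert} for users whose push-prompt count within any
    sliding window of length `window` reaches `threshold`.

    Each alert records the peak prompt count, the start of that window,
    and whether an approval was logged at or after the burst began
    (an approval after a burst is the high-priority case to triage).
    """
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)

    alerts = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        sends = [e["ts"] for e in evs if e["event"] == "mfa_push_sent"]

        # Two-pointer sliding window over the sorted send timestamps.
        best, best_start, start = 0, None, 0
        for end, t in enumerate(sends):
            while t - sends[start] > window:
                start += 1
            count = end - start + 1
            if count > best:
                best, best_start = count, sends[start]

        if best >= threshold:
            approved = any(
                e["event"] == "mfa_push_result"
                and e["result"] == "approved"
                and e["ts"] >= best_start
                for e in evs
            )
            alerts[user] = {
                "pushes": best,
                "window_start": best_start.isoformat(),
                "approved_after_burst": approved,
            }
    return alerts


if __name__ == "__main__":
    for user, alert in find_push_bombing(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT push-bombing suspected for {user}: {alert}")
```

Run over the constructed sample, the detector flags only alice (six prompts, approval after the burst) and leaves bob's single approved prompt alone. In practice the same logic would run against your identity provider's export, and an "approved_after_burst" hit is the case to treat as a probable account takeover rather than a nuisance.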
History of High-Profile Attacks
Bleeping Computer reports that the group has previously attacked some of the most prominent companies, including Riot Games, DoorDash, MailChimp, and more. Big-name companies such as Microsoft have also warned about the same group, but under another alias, Octo Tempest.
How To Be Safe
Beyond infiltrating networks and using publicly available remote access tools, these hackers install malware such as WinZone RAT, Raccoon Stealer, and more, then steal compromised passwords and other data.
To stay safe, the FBI advises users to maintain offline backups of data, require all accounts with password logins to use passwords of at least eight and no more than 64 characters, require phishing-resistant multifactor authentication (MFA), keep all operating systems, software, and firmware up to date, segment networks to limit the spread of malware, disable hyperlinks in emails, and keep all data encrypted.