As the FBI closes in, Scattered Spider attacks finance, insurance orgs
Scattered Spider hackers have been tearing through the finance and insurance sectors, all while authorities are preparing legal actions to stop them.
A game of cops and robbers is playing out between the FBI and Scattered Spider (aka UNC3944, 0ktapus, Roasted Oktapus, Scatter Swine, Octo Tempest, Muddled Libra), the cybercrime outfit à la mode, ever since its high-profile attacks against MGM Resorts and Caesars Entertainment. If recent rumblings are to be believed, the future of the group might well be determined in short order.
On one side, Brett Leatherman, the FBI’s cyber deputy assistant director, told reporters in various interviews at RSAC 2024 about the agency’s plans to bring charges against members of Scattered Spider, primarily under the well-worn Computer Fraud and Abuse Act.
And yet, clearly, Scattered Spider hasn’t felt that pressure coming. In recent months it has only expanded its scope, with attacks targeting industries as broad as retail, food services, and video games.
In just the past few weeks, the group compromised at least 29 companies in the finance and insurance industries, according to research from Resilience. An anonymous researcher told Bloomberg that among those targeted were household names like Visa, PNC, Transamerica, and New York Life Insurance Co., though they didn’t reveal which of those organizations in particular had failed to stop their attackers.
This latest campaign has had some of the usual hallmarks of Scattered Spider attacks: lookalike domains mimicking organizations’ Okta and content management system (CMS) sign-on pages, with the potential for follow-on SIM swap attacks that leak sensitive corporate data. There was a notable efficiency to the attacks as well, with Scattered Spider swiftly deploying its infrastructure and conducting its attacks in only a few hours’ time.
Can Authorities Take Down Scattered Spider?
The effects of law enforcement interventions into cybercrime often are found in the finer details: the confidence that affiliates lose in brand-name groups, the power vacuums that result, and the looming threat to anyone who dares take their place.
To read the complete article, visit Dark Reading.