An advisory released by the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency details the background, composition, and tactics of the threat actor collective Scattered Spider, according to BleepingComputer.
The group, which also goes by oktapus, Octo Tempest, and Starfraud, is a loosely knit collective of hackers who connect via Telegram and hacker forums. This lack of cohesiveness makes the group difficult to track, though the FBI reportedly already knows the identities of 12 of its members. The gang uses multifactor authentication bombing, SMS and email phishing, and SIM-swapping tactics to breach large enterprises. It was profiled in December 2022 as a financially motivated group that employs high-level social engineering tactics, defense reversal, and diverse software tools to hack telecommunications companies. Malware that the group is known to have installed on victim systems includes Raccoon Stealer, Vidar Stealer, and WarZone RAT. The group has been linked to two recent high-profile cyber incidents targeting MGM Casino and Caesars Entertainment.
Organizations in the government, real estate, telecommunications, retail, and other sectors across the U.S., Africa, and the Middle East have been subjected to intrusions under the new CL-STA-0002 threat cluster.
BBC News reports that major online travel agency Booking.com had its customers in the U.S., UK, and other parts of the world impacted by fraud following a social engineering attack that involved the deployment of the Vidar information-stealing malware.