
Scattered Spider, from SIM swap to ransomware: Microsoft’s warning


Scattered Spider, a collective of cybercriminals already well known to security experts, is changing its activities, causing some concern among researchers and cybersecurity professionals.

According to Microsoft, in fact, these hackers are “one of the most dangerous financially motivated criminal groups”. This assessment reflects the fluidity of Scattered Spider which, alongside its SMS phishing and SIM swapping operations, has recently added ransomware activity.

The group, also known as Octo Tempest, is defined by Microsoft as “a financially motivated collective of native English-speaking threat actors known for launching wide-ranging campaigns featuring Adversary-in-the-middle (AiTM), social engineering, and SIM swapping techniques”.

It should be underlined that Scattered Spider goes by different names depending on the IT security company: in addition to Octo Tempest, the collective is also called 0ktapus, Scatter Swine and UNC3944.

Scattered Spider alert: the cybercriminal group is acting on multiple fronts

Despite the introduction of ransomware techniques, one of the attack strategies that made Scattered Spider famous in this environment is its campaigns aimed at help desk and support staff.

These techniques, in fact, include refined social engineering strategies with which cybercriminals can also gain access to services protected by multi-factor authentication.

During 2023, however, the group's actions appear to have changed. Its main objectives now seem to be cryptocurrencies stored in digital wallets and the deployment of ransomware, with the aim of obtaining money through extortion.

Even with regard to the platforms targeted, Scattered Spider has proved to be a flexible group, hitting both Windows and Linux systems without too much difficulty.

Microsoft, in fact, also explained that “a unique technique used by Octo Tempest is to compromise VMware ESXi infrastructure by installing the open source Linux backdoor Bedevil and then launching VMware Python scripts to execute arbitrary commands against hosted virtual machines”.
