The Scattered Spider cybercrime group has aligned itself with the RansomHub ransomware-as-a-service (RaaS) operator, according to an analysis by GuidePoint Security. The assessment rests on observed tactics, techniques, and procedures (TTPs), which indicate that Scattered Spider, previously affiliated with ALPHV/BlackCat, is now conducting ransomware operations with RansomHub.
The disbandment of ALPHV/BlackCat following a ransom payment from a US healthcare firm in March 2024 has significantly impacted the RaaS ecosystem, leading to the rise of new RaaS operations like RansomHub. These groups compete for affiliates and leverage tactics such as data theft for extortion.
Scattered Spider, known for targeting large organizations like MGM International and Caesars Entertainment, excels in social engineering tactics. Their methods include posing as IT helpdesk staff and utilizing SIM swap or multifactor authentication (MFA) fatigue attacks to bypass security measures.
GuidePoint emphasizes the importance of user education and identity verification processes in combating Scattered Spider’s threats. While the group’s tactics aren’t particularly novel, their proficiency in social engineering underscores the need for robust security measures to thwart their operations.