
FBI, CISA Warn on Scattered Spider

July 30, 2025

A multi-national coalition of cybersecurity and law enforcement agencies has released a joint advisory detailing the evolving and sophisticated tactics of the cybercriminal group known as “Scattered Spider.”

The advisory, designated as AA23-320A, is a collaborative effort by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and international partners including the United Kingdom’s National Cyber Security Centre (NCSC-UK) and the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC). It serves as a critical update on the group’s activities, which have grown in scope and complexity, posing a significant threat to organizations worldwide.

“Scattered Spider,” also identified by various aliases such as “UNC3944,” “Octo Tempest,” and “Muddled Libra,” is a financially motivated threat actor that has been active since at least late 2022. The group has gained notoriety for its proficiency in social engineering, targeting large organizations, particularly in the telecommunications and IT sectors.

According to the advisory, the group’s tactics have evolved to include more sophisticated social engineering techniques. They are known to pose as company IT or helpdesk staff in phone calls or SMS messages to obtain employee credentials and gain initial access to networks. This often involves convincing employees to run commercial remote access tools, share one-time password (OTP) authentication codes, or even reset passwords and transfer Multi-Factor Authentication (MFA) to a device controlled by the attackers.

A key tactic highlighted in the advisory is “MFA fatigue” or “push bombing,” where the attackers overwhelm a user with a barrage of MFA push notifications until the target eventually approves one, granting the attackers access. Another method involves convincing cellular carriers to transfer control of a target’s phone number to a SIM card in their possession, a technique known as SIM swapping.
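The push-bombing pattern described above leaves a recognizable trace in authentication logs: a burst of denied or timed-out pushes for one user, sometimes ending in an approval. The sketch below is an added example, not code from the advisory or from CyberMaterial; the log format, the event names (`push_denied`, `push_timeout`, `push_approved`), the window and the threshold are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical "timestamp user result" format.
SAMPLE_LOG = """\
2025-07-30T02:14:05Z alice push_denied
2025-07-30T02:14:40Z alice push_timeout
2025-07-30T02:15:10Z alice push_denied
2025-07-30T02:15:45Z alice push_denied
2025-07-30T02:16:20Z alice push_timeout
2025-07-30T02:17:02Z alice push_denied
2025-07-30T02:17:30Z alice push_approved
2025-07-30T09:01:00Z bob push_denied
2025-07-30T09:01:30Z bob push_approved
"""

FAILED = {"push_denied", "push_timeout"}  # hypothetical event names

def parse_events(log):
    """Turn log text into (timestamp, user, result) tuples."""
    events = []
    for line in log.strip().splitlines():
        ts, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, result))
    return events

def detect_push_bombing(events, window=timedelta(minutes=10), threshold=5):
    """Flag bursts of unapproved pushes, and approvals that follow a burst."""
    # window and threshold are illustrative assumptions; tune to your baseline.
    recent = defaultdict(deque)  # user -> timestamps of recent failed pushes
    alerts = []
    for ts, user, result in sorted(events):
        failed = recent[user]
        while failed and ts - failed[0] > window:
            failed.popleft()  # drop failures that fell out of the window
        if result in FAILED:
            failed.append(ts)
            if len(failed) == threshold:
                alerts.append((user, "burst", len(failed), ts))
        elif result == "push_approved":
            if len(failed) >= threshold:
                alerts.append((user, "approved_after_burst", len(failed), ts))
            failed.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_push_bombing(parse_events(SAMPLE_LOG)):
        print(alert)
```

An `approved_after_burst` alert is the higher-priority signal, since it means the session behind the barrage was granted; a single denial followed by an approval, as in the second user's events, raises nothing.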

Once inside a network, “Scattered Spider” employs “living off the land” (LOTL) techniques, using legitimate and publicly available remote access tunneling tools to navigate the compromised environment and evade detection. The advisory notes that the group has also been observed using various malware and ransomware variants to exfiltrate data and encrypt systems.

The primary goal of “Scattered Spider” is financial gain, which they achieve through various extortion methods. After exfiltrating sensitive data, they often deploy ransomware and threaten to leak the stolen information unless a ransom is paid. The group has been linked to the BlackCat/ALPHV ransomware-as-a-service (RaaS) operation.

In response to this escalating threat, the advisory outlines a series of mitigation strategies for organizations to implement. These include:

  • Enforcing phishing-resistant MFA: This is a critical step to counter the group’s social engineering tactics.
  • Implementing Application Controls: Managing and controlling the execution of software, including allowlisting remote access programs, can prevent the installation and execution of unauthorized tools.
  • Auditing and Limiting Remote Access Tools: Organizations are urged to audit their networks for remote access tools, review logs for abnormal usage, and block unnecessary remote access ports and protocols.
  • Maintaining Offline Backups: Regular and tested offline backups of data are crucial for recovery in the event of a ransomware attack.
  • Employee Training and Awareness: Educating employees about social engineering tactics is vital to prevent them from falling victim to the group’s schemes.

The advisory serves as a stark reminder of the persistent and adaptive nature of cyber threats. The authoring organizations encourage all critical infrastructure organizations and commercial facilities to review the advisory and implement the recommended mitigations to reduce their risk of compromise.

Organizations that suspect they have been targeted by “Scattered Spider” are urged to report the incident to their local FBI field office or CISA’s 24/7 Operations Center.

Reference:

  • FBI and CISA Issue Urgent Warning on “Scattered Spider” Cybercrime Group